Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner (Paysafe)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.01.2013, 18:12   #1
centurio_bla
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Hallo zusammen,

mein Sohn hat ebenfalls einen GVU Trojaner eingefangen.
Bin als Laie leider hilflos.

Ich führe vorsorglich einen OTL Scan durch, das sollte Euch hoffentlich helfen.

Log Files folgen.

Besten Dank!

Extras.txt (Bemerkung: Computername wurde durch "***" ersetzt)

Code:
ATTFilter
OTL Extras logfile created on: 10.01.2013 18:52:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mhvn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 86,51% Memory free
7,71 Gb Paging File | 7,22 Gb Available in Paging File | 93,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,14 Gb Total Space | 368,03 Gb Free Space | 80,86% Space Free | Partition Type: NTFS
Drive F: | 25,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: mhvn | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09004233-493A-4391-97B7-A5BFFF6E5283}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0DC75824-3410-422E-A760-803797C33EA8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E7F8796-4E6B-4E37-BCE0-5A28E72E8054}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1642CD04-4273-4E91-AFE5-BF7B9C6D8EC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D5B1A97-7D34-498F-A303-39926F9EC566}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{34163EB3-6137-4E95-BA14-1D664F1A516E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{395236C8-4694-4F19-A494-8F54DF075B6D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44828939-5D1A-445B-A5C6-C0AEFC8EF663}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4ECC9ED0-3CCA-44D6-B087-458774D6EF55}" = rport=137 | protocol=17 | dir=out | app=system | 
"{65439844-A82D-42B6-B71D-1D01728A5B13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68EDBEC1-3871-4D9B-8BD4-BE7CF521B746}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6C74A607-2B2C-4F0A-B469-D1384BFFCD92}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B0F2EC1-F06E-4A0B-BFA0-B0C4D013E02C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{7F62626A-CED3-4E33-BDC8-1EF401F9C0C9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9178E245-2DFC-4EE4-8700-F26BEE7947AA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{96CC450D-375F-4FCB-860D-6635C8BC1FE7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AC173001-99E7-4C08-8B1A-E9440D7A7F3C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C0493D8A-1EFD-49DF-9278-BA96E0BE5CCA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C430DA4C-0FEE-4E8E-94DF-E3AE2994BFB2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D0A2711B-CCE2-4AF6-A92B-CC33B2845B60}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D1611589-C7DF-4A6F-A86A-1952F2FC944F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D8883483-3B1F-494D-98B7-CD6B3BBFA3EF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DD9CD87C-D453-491B-A5A8-6F3D9750F85E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EBF0C405-2D63-4D48-AC29-625DDDD13BBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EFD93783-ED33-4C97-8124-151C739135EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0FC202A-E0D6-4403-BABE-57F4F51DE8F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB7D33D2-09E5-4E13-9691-25BCE252121C}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C8542B-4323-4D1E-9358-C86E18D21AAB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{05012BC2-6B21-477C-BB81-94A8978B43D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0ADD05D5-7067-47FB-98EE-79326791CDD8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{0C09BE28-5523-4FDC-9843-A346C37E3252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19EBD1A5-AC35-4069-9DC7-9535F5275540}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1CB9AEAA-770D-4B42-A54B-C55F34AB7258}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{227ABC54-C6A9-4E03-A49E-641BE61E926D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2A8B0230-9393-4C16-9727-07C8AD9C4C70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{2FA0060E-AB71-43E3-BA0E-2889EC7F4C38}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3577882B-4B8E-4DFE-9346-E91C6873C5B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{37012B81-9826-424B-8AC1-3D91FD3CA795}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{385DACF6-3D18-4F69-B680-67DAC6E038BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{3F0B848C-48E7-4B9C-BD20-73F909071B3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{43C7D522-225B-414B-96F0-CB8FBC6E079F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{509517E3-7CA8-43E4-9E4E-D0F092490525}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B75F2BB-75E3-4EE0-A7B4-55C91634E6EB}" = protocol=6 | dir=out | app=system | 
"{66BE2433-71E1-45AE-B51D-B11F34AAC8C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{729487D3-B8A0-4752-8F0F-A0E47FF2F4B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{74B25970-CFF8-4137-89E9-AB88E19AD83B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{77A5272B-EC41-4635-A6A6-5C449F7ECA49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{8939FBEC-160B-4971-ACFF-D12B33560586}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{92BCB5C6-9C23-4419-AC44-E2CBDED930D3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{96972D2D-1870-4C9B-9C86-AE5E719539F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C1C9756-4F85-4587-A15B-ED2633EFE4F5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A0027494-7D23-4921-91AF-D51F17DD26CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A68ACA36-F44F-48F0-B341-0C912ECA7C35}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{AB2BEA9C-FC80-4CC5-8EF7-C11A927BB842}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD1CA643-6A0B-4004-A04B-324F6AF68678}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AE2A8701-8B4B-4402-8EB8-BF0DE93A6D13}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{B3B6E64C-B368-43E2-B8EA-F476FD34D2A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{BD6C0C4E-6E86-41E3-BCC9-439E0B9C53EF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{BEC02E12-C58E-449E-A916-4036EDB0DD9D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C33FC803-55D1-4278-AC22-3E0DAD72877E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C5CC4D10-3A3D-43DA-A308-7E77B86F9866}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C94C6DA0-9682-480E-A644-923CB13F8C64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{C9AE18F7-162C-486C-BA75-79E96EACF17A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CC0012AF-DC92-44C6-99D3-FAF7D36F8C3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CE002317-34BA-4B60-8E53-213DDA15EBDB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DF50FF3A-ADA7-47B3-B082-77C63E8504C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F121F9B0-06B6-40E4-89F2-4A6056118189}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2E17232-A9F5-4012-A2A4-82CFC0ACF335}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F97C6696-32F1-4F7E-BA73-2EAFEC9B34CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE716FA7-B9CB-4E78-B3BD-13ECEE32E2DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{59FBCB12-6B52-4DD7-98FB-587AF58C04B1}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"TCP Query User{89D0F67C-B787-4389-B9BB-20AB9D299665}C:\windows\syswow64\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ipcamera.exe | 
"TCP Query User{E9F1491B-9359-461B-9138-B0685CF21657}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F14F44AF-5FF4-4818-A1B8-8844D549D086}C:\windows\syswow64\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ipcamera.exe | 
"TCP Query User{F57D67BC-C65E-452B-BA85-A71F333A691E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{FD75E862-D9C0-44A5-86D5-D57E3690B701}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"UDP Query User{07FD7CBE-3ADE-4BD6-9A3C-0F06582E2CEE}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{14D70BCC-7145-4D52-A91D-E529E37D8AF7}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"UDP Query User{387A098E-29AF-4CE6-90F3-0CC7B874DFB9}C:\windows\syswow64\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ipcamera.exe | 
"UDP Query User{4F3B04A0-788D-46E7-9A8E-1C8C42ADFBEF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{5485F2AC-A3BC-41EF-A253-3E95E54248FA}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe | 
"UDP Query User{EE490587-4831-4CF2-8FCB-E347B95DF82F}C:\windows\syswow64\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ipcamera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017739C5-708B-4F4F-BAD3-FA2FF5431E15}" = VAIO Content Metadata Manager Settings
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}" = Eraser 6.0.7.1893
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A77A198F-B60B-481C-A645-64EE80849A12}" = VAIO Content Metadata Intelligent Network Service Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D506EFC9-08DF-47E4-A7BF-98305BE25250}" = VAIO Content Metadata XML Interface Library
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{010237D8-8494-4E56-90CE-3194D3F521E6}" = VAIO Content Metadata Intelligent Network Service Manager
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{21E548DE-0C2B-4843-8A7B-E69B4CF8BA33}" = VAIO Content Metadata Manager Settings
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27F9068F-27D3-42FF-BE10-94CC94F46F33}" = VAIO Content Metadata Manager Settings
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F66901C-D9F2-4C83-9808-2DA0166265B6}" = VAIO Content Metadata Intelligent Network Service Manager
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D062554-2823-4205-ABBC-390AE5B72C45}" = VAIO Content Metadata Manager Settings
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{68249B7B-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition 1.3.1_20
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79C3D1B6-32CB-43DF-BA80-CE48E7A2D6C7}" = VAIO Content Metadata Intelligent Network Service Manager
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D1DDBF1-2948-4603-B06A-0E36487CC857}" = VAIO Content Metadata XML Interface Library
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{A158A7A4-495E-225F-E6A2-C8EC20B65DB7}" = svBuilder
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E24B9887-D3A0-434B-8D60-F1F06CACC127}" = DATA BECKER CD-Druckerei 6
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F400E7EB-BF07-4D9C-8AAE-81DF98CAF3F2}" = VAIO Content Metadata XML Interface Library
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBED4E82-750B-4D00-9719-90358BF3942B}" = VAIO Content Metadata XML Interface Library
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 9.14 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular für Unternehmer 12.2.1.6570u" = ElsterFormular-Upgrade
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IP Camera" = IP Camera
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketingTools" = VAIO Marketing Tools
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"splashtop" = VAIO Quick Web Access
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"svBuilder" = svBuilder
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2013 18:16:37 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11810
 
Error - 09.01.2013 18:16:37 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11810
 
Error - 09.01.2013 18:16:38 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.01.2013 18:16:38 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12808
 
Error - 09.01.2013 18:16:38 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12808
 
Error - 09.01.2013 18:16:39 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.01.2013 18:16:39 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13822
 
Error - 09.01.2013 18:16:39 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13822
 
Error - 09.01.2013 18:26:17 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "H:\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10.01.2013 12:17:09 | Computer Name = *** | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 10.01.2013 12:17:09 | Computer Name = *** | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
[ System Events ]
Error - 10.01.2013 13:44:47 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:50 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 10.01.2013 13:44:50 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.01.2013 13:46:23 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
OTL.txt

Code:
ATTFilter
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         

Alt 10.01.2013, 20:04   #2
markusg
/// Malware-holic
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Hi
otl.txt fehlt, posten bitte.
__________________

__________________

Alt 10.01.2013, 20:20   #3
centurio_bla
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Sorry, hier kommt sie:

OTL.txt

Code:
ATTFilter
OTL logfile created on: 10.01.2013 18:52:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mhvn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 86,51% Memory free
7,71 Gb Paging File | 7,22 Gb Available in Paging File | 93,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,14 Gb Total Space | 368,03 Gb Free Space | 80,86% Space Free | Partition Type: NTFS
Drive F: | 25,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: mhvn | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.10 18:34:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mhvn\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.10.08 07:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.01.09 22:26:02 | 000,108,904 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.01.08 21:57:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.13 21:29:04 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.13 21:27:57 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.12.13 21:27:43 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.07 15:21:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.28 10:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.27 00:06:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 18:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.12.14 21:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.14 21:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.09.16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.13 21:29:40 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.13 21:29:39 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.18 12:30:36 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW64.sys -- (TVICHW64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.08 07:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.10.08 07:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.08 07:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.24 21:53:34 | 000,376,400 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.06.24 21:35:37 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2009.12.16 21:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.12.16 21:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.16 05:04:17 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.16 03:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.14 21:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 05:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 05:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 05:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 05:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 05:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 21:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 21:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 21:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 21:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.09.15 21:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 21:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.08 09:55:22 | 000,115,328 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {3C8AE260-DD89-48A8-874B-5635DAD86DF2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3C8AE260-DD89-48A8-874B-5635DAD86DF2}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE381
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6BED64B0-3555-43C1-B820-45E1926A8CCF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8da3f1a1-07c1-495b-91dc-cc54b95ef181&apn_sauid=3EF5C33D-81F1-4A74-9F47-5A1EEB536A57
IE - HKCU\..\SearchScopes\{773DCE84-A6ED-45BA-BE98-6FED0A37B3A3}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{98A657E6-852A-4F97-9C45-D83BF4F96C73}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\..\SearchScopes\{DBC1860E-602D-41EC-B357-CD173C9CA8A3}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.11.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=8da3f1a1-07c1-495b-91dc-cc54b95ef181&apn_ptnrs=^AGS&apn_sauid=3EF5C33D-81F1-4A74-9F47-5A1EEB536A57&apn_dtid=^YYYYYY^YY^DE&&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\mhvn\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.20 23:07:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.23 19:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 15:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 15:21:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.20 23:07:29 | 000,000,000 | ---D | M]
 
[2011.02.27 15:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhvn\AppData\Roaming\mozilla\Extensions
[2010.07.22 06:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhvn\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.11.25 09:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhvn\AppData\Roaming\mozilla\Firefox\Profiles\6469u65k.default\extensions
[2012.07.25 18:08:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\mhvn\AppData\Roaming\mozilla\Firefox\Profiles\6469u65k.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.07 10:15:43 | 000,000,000 | ---D | M] (Andasa iCat) -- C:\Users\mhvn\AppData\Roaming\mozilla\Firefox\Profiles\6469u65k.default\extensions\plugin@andasa.de
[2012.11.25 10:09:20 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\mhvn\AppData\Roaming\mozilla\Firefox\Profiles\6469u65k.default\extensions\toolbar@ask.com
[2012.08.07 00:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.01.09 07:38:04 | 000,002,413 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\askcom.xml
[2013.01.05 17:29:53 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-1.xml
[2011.11.08 18:59:29 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-10.xml
[2011.11.16 07:38:33 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-11.xml
[2012.01.03 09:57:27 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-12.xml
[2012.02.16 16:12:09 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-13.xml
[2011.05.08 16:27:59 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-2.xml
[2011.06.24 16:07:31 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-3.xml
[2011.07.28 18:18:19 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-4.xml
[2011.08.19 07:01:48 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-5.xml
[2011.09.04 11:00:50 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-6.xml
[2011.09.12 06:28:53 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-7.xml
[2011.10.02 21:26:26 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-8.xml
[2011.10.03 13:09:56 | 000,000,950 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\mozilla\firefox\profiles\6469u65k.default\searchplugins\icqplugin.xml
[2012.12.07 15:21:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 15:21:36 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.19 18:57:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 06:35:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.19 18:57:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.19 18:57:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.19 18:57:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.19 18:57:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\mhvn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mhvn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\mhvn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.06.24 16:20:24 | 000,435,366 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14980 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.2.110/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.3.1/jinstall-1_3_1_20-windows-i586.cab (Java Plug-in 1.3.1_20)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{448CA6B0-545A-480B-A503-DE84808875E3}: DhcpNameServer = 10.1.1.11 10.1.1.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D61CA8A8-A9C5-4B05-8B5C-1FF6CD0702CA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{045c7f58-8095-11e0-b9ce-5442490ba49f}\Shell - "" = AutoRun
O33 - MountPoints2\{045c7f58-8095-11e0-b9ce-5442490ba49f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{045c7f6e-8095-11e0-b9ce-5442490ba49f}\Shell - "" = AutoRun
O33 - MountPoints2\{045c7f6e-8095-11e0-b9ce-5442490ba49f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d078d709-aa2b-11df-bc74-5442490ba49f}\Shell - "" = AutoRun
O33 - MountPoints2\{d078d709-aa2b-11df-bc74-5442490ba49f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{d078d70f-aa2b-11df-bc74-5442490ba49f}\Shell - "" = AutoRun
O33 - MountPoints2\{d078d70f-aa2b-11df-bc74-5442490ba49f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{DB562198-3A06-4B5D-86EF-D9ED5AD005BC} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= -  File not found
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 18:47:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mhvn\Desktop\OTL.exe
[2013.01.09 23:31:41 | 000,000,000 | ---D | C] -- C:\Users\mhvn\AppData\Roaming\Malwarebytes
[2013.01.09 23:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.09 23:31:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.09 23:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.09 23:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.09 23:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.01.09 22:52:04 | 000,664,504 | ---- | C] (Softwareentwicklung Patric Remus -ArchiCrypt) -- C:\Users\mhvn\Desktop\AntiBundestrojaner.exe
[2013.01.09 22:46:39 | 009,650,656 | ---- | C] (SurfRight B.V.) -- C:\hitmanpro_x64.exe
[2013.01.09 22:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.01.09 22:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.01.09 22:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.01.09 22:24:28 | 000,000,000 | ---D | C] -- C:\Stick
[2013.01.09 08:02:05 | 000,256,000 | ---- | C] (Корпорация Майкрософт) -- C:\Users\mhvn\wgsdgsdgdsgsd.dll
[2013.01.08 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\mhvn\Desktop\2013-01 (Jan)
[2013.01.04 22:06:57 | 000,000,000 | ---D | C] -- C:\Users\mhvn\AppData\Local\{56911F9F-71FB-404B-BF36-B7B5AB23B3FF}
[2013.01.04 21:57:22 | 000,000,000 | ---D | C] -- C:\Users\mhvn\AppData\Roaming\TuneUp Software
[2013.01.04 21:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.04 21:55:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.04 21:55:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.02 15:13:05 | 000,000,000 | ---D | C] -- C:\Users\mhvn\Desktop\Rolex Datejust
[2013.01.02 15:12:42 | 000,000,000 | ---D | C] -- C:\Users\mhvn\Desktop\Rolex GMT-Master II
[2012.12.24 13:15:41 | 000,000,000 | ---D | C] -- C:\Users\mhvn\Desktop\2012-12 (Dez)
[2012.12.19 18:55:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[1 C:\Users\mhvn\Desktop\*.tmp files -> C:\Users\mhvn\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.10 18:44:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 18:44:02 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 18:34:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mhvn\Desktop\OTL.exe
[2013.01.10 17:26:23 | 001,521,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 17:26:23 | 000,662,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 17:26:23 | 000,623,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 17:26:23 | 000,133,614 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.10 17:26:23 | 000,109,238 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.10 17:17:21 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.09 23:17:07 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 23:17:07 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 23:13:27 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.09 22:26:02 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.01.09 22:21:38 | 009,650,656 | ---- | M] (SurfRight B.V.) -- C:\hitmanpro_x64.exe
[2013.01.09 18:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.09 17:43:49 | 003,048,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 08:02:14 | 000,002,869 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 08:02:14 | 000,001,047 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 08:02:14 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.09 08:02:14 | 000,000,065 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.09 08:02:05 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\mhvn\wgsdgsdgdsgsd.dll
[2013.01.09 07:35:37 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.08 23:32:01 | 000,002,780 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2013.01.08 23:32:01 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2013.01.05 11:05:15 | 000,070,755 | ---- | M] () -- C:\Users\mhvn\Desktop\Stellungnahme.pdf
[2013.01.04 17:46:50 | 000,001,621 | ---- | M] () -- C:\Users\mhvn\Desktop\LEO-LionsMitgliederverwaltung - Verknüpfung.lnk
[2012.12.18 22:59:00 | 000,213,004 | ---- | M] () -- C:\Users\mhvn\Desktop\20121214_Programme_Draft_Students.pdf
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.14 07:25:31 | 001,541,588 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.13 21:29:40 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.13 21:29:39 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.13 21:04:09 | 000,418,438 | ---- | M] () -- C:\test.xml
[1 C:\Users\mhvn\Desktop\*.tmp files -> C:\Users\mhvn\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.09 22:26:02 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.01.09 08:02:14 | 000,002,869 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 08:02:14 | 000,001,047 | ---- | C] () -- C:\Users\mhvn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 08:02:14 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.09 08:02:14 | 000,000,065 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.09 08:02:10 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.05 10:57:40 | 000,070,755 | ---- | C] () -- C:\Users\mhvn\Desktop\Stellungnahme.pdf
[2013.01.04 17:46:50 | 000,001,621 | ---- | C] () -- C:\Users\mhvn\Desktop\LEO-LionsMitgliederverwaltung - Verknüpfung.lnk
[2012.12.18 22:59:00 | 000,213,004 | ---- | C] () -- C:\Users\mhvn\Desktop\20121214_Programme_Draft_Students.pdf
[2012.08.01 06:59:02 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2011.08.28 17:02:41 | 000,181,829 | ---- | C] () -- C:\Windows\hpoins36.dat
[2011.08.28 17:02:41 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat
[2011.08.11 07:12:53 | 000,000,036 | ---- | C] () -- C:\Users\mhvn\uidsave.dat
[2011.06.23 09:38:45 | 000,010,231 | ---- | C] () -- C:\Users\mhvn\mhvn_elster_2048.pfx
[2011.02.27 15:40:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.05.30 22:47:11 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\ASCOMP Software
[2010.10.31 13:03:12 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\Auslogics
[2010.09.30 18:51:48 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\Avery
[2011.12.03 13:05:43 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\elsterformular
[2010.06.15 22:59:04 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\Facebook
[2010.06.20 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\JonDo
[2010.09.23 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\Nokia
[2010.09.23 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\PC Suite
[2010.12.15 21:32:52 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\SolidDocuments
[2012.10.16 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\svBuilder
[2013.01.04 21:57:22 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\TuneUp Software
[2012.06.08 20:10:09 | 000,000,000 | ---D | M] -- C:\Users\mhvn\AppData\Roaming\UDC Profiles
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.05.26 18:50:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.10.03 13:30:41 | 000,000,000 | ---D | M] -- C:\Daten
[2010.02.23 09:36:33 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.05.26 18:47:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.17 08:08:56 | 000,000,000 | ---D | M] -- C:\e8972a98d510f4e238
[2011.11.28 20:36:21 | 000,000,000 | ---D | M] -- C:\KG-GD
[2010.02.23 09:08:30 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.23 20:15:19 | 000,000,000 | ---D | M] -- C:\Multimedia Files
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.09 22:26:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.09 23:31:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.09 23:31:36 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.05.26 18:47:26 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.02 16:13:15 | 000,000,000 | ---D | M] -- C:\Sicherung
[2012.05.24 19:40:49 | 000,000,000 | -H-D | M] -- C:\SPLASH.000
[2010.12.18 12:11:03 | 000,000,000 | -H-D | M] -- C:\SPLASH.SYS
[2013.01.09 22:25:29 | 000,000,000 | ---D | M] -- C:\Stick
[2013.01.09 08:04:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.02.23 09:26:32 | 000,000,000 | ---D | M] -- C:\Temp
[2012.12.29 12:34:24 | 000,000,000 | ---D | M] -- C:\Update
[2010.05.27 00:01:58 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.10 17:33:18 | 000,000,000 | ---D | M] -- C:\Windows
[2010.02.23 09:36:33 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO
[2012.08.01 21:17:05 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.02.23 09:03:03 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.02.23 09:03:05 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.07.07 21:32:20 | 000,000,310 | ---- | C] () -- C:\Windows\Tasks\DMEPeriodicTask.job
[2012.07.01 14:13:47 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.06.23 09:38:55 | 000,010,231 | ---- | M] () -- C:\Users\mhvn\mhvn_elster_2048.pfx
[2013.01.10 18:54:53 | 008,126,464 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat
[2013.01.10 18:54:53 | 000,262,144 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat.LOG1
[2010.05.26 18:47:36 | 000,000,000 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat.LOG2
[2010.05.26 18:53:26 | 000,065,536 | -HS- | M] () -- C:\Users\mhvn\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.26 18:53:26 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.26 18:53:26 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.05.30 18:19:36 | 000,065,536 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{285c6562-6c0b-11df-bfb4-5442490ba49f}.TM.blf
[2010.05.30 18:19:36 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{285c6562-6c0b-11df-bfb4-5442490ba49f}.TMContainer00000000000000000001.regtrans-ms
[2010.05.30 18:19:36 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{285c6562-6c0b-11df-bfb4-5442490ba49f}.TMContainer00000000000000000002.regtrans-ms
[2010.05.30 18:17:31 | 000,065,536 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{3de03a1b-6c07-11df-98a3-506313a455a5}.TM.blf
[2010.05.30 18:17:31 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{3de03a1b-6c07-11df-98a3-506313a455a5}.TMContainer00000000000000000001.regtrans-ms
[2010.05.30 18:17:31 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{3de03a1b-6c07-11df-98a3-506313a455a5}.TMContainer00000000000000000002.regtrans-ms
[2010.07.30 00:34:09 | 000,065,536 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{626bf2f5-9b65-11df-a13f-b430c24ac344}.TM.blf
[2010.07.30 00:34:09 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{626bf2f5-9b65-11df-a13f-b430c24ac344}.TMContainer00000000000000000001.regtrans-ms
[2010.07.30 00:34:09 | 000,524,288 | -HS- | M] () -- C:\Users\mhvn\ntuser.dat{626bf2f5-9b65-11df-a13f-b430c24ac344}.TMContainer00000000000000000002.regtrans-ms
[2010.05.26 18:47:36 | 000,000,020 | -HS- | M] () -- C:\Users\mhvn\ntuser.ini
[2011.07.16 05:24:22 | 000,000,036 | ---- | M] () -- C:\Users\mhvn\uidsave.dat
[2013.01.09 08:02:05 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\mhvn\wgsdgsdgdsgsd.dll
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
__________________

Geändert von centurio_bla (10.01.2013 um 20:32 Uhr)

Alt 10.01.2013, 20:27   #4
centurio_bla
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Ich habe es gerade irgendwie geschafft in meinen Avira zu kommen:

Hier steht, dass er den TR/Winlock.JC gefunden hätte:

Code:
ATTFilter
10.01.2013,20:52:43 [INFO] ---------------------------------------------------------
10.01.2013,20:52:43 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
10.01.2013,20:53:37 [INFO] Echtzeit-Scanner Version: 13.06.00.400, Engine Version 8.2.10.226, VDF Version: 7.11.56.126
10.01.2013,20:53:37 [INFO] Online-Dienste stehen zur Verfügung.
10.01.2013,20:53:37 [INFO] Echtzeit-Scanner wurde aktiviert
10.01.2013,20:53:37 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
10.01.2013,21:10:45 [INFO] Update-Auftrag gestartet!
10.01.2013,21:11:04 [INFO] Aktuelle Engine Version: 8.2.10.228
10.01.2013,21:11:04 [INFO] Aktuelle Version der VDF-Datei: 7.11.56.184
10.01.2013,21:34:38 [FUND] Ist das Trojanische Pferd TR/Winlock.JC!
  C:\Users\mhvn\wgsdgsdgdsgsd.dll
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
10.01.2013,21:51:04 [FUND] Ist das Trojanische Pferd TR/Winlock.JC!
  C:\Users\mhvn\wgsdgsdgdsgsd.dll
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
10.01.2013,21:51:05 [FUND] Ist das Trojanische Pferd TR/Winlock.JC!
  C:\Users\mhvn\wgsdgsdgdsgsd.dll
      [INFO] Benutzer: NT-AUTORITÄT\SYSTEM
      [INFO] Der Zugriff auf die Datei wurde verweigert!
         

Alt 11.01.2013, 00:26   #5
markusg
/// Malware-holic
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2013.01.09 08:02:14 | 000,002,869 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 08:02:14 | 000,001,047 | ---- | M] () -- C:\Users\mhvn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 08:02:14 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.09 08:02:14 | 000,000,065 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.09 08:02:05 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\mhvn\wgsdgsdgdsgsd.dll
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

reiche noch das hitman log nach.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.01.2013, 07:26   #6
centurio_bla
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Hallo Markus,

herzlichen Danke. Das sieht bereits sehr gut aus. Windows lässt sich wieder normal starten. AUch das Internet scheint zu funktionieren.

Hier das Log von OTL

HTML-Code:
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
File C:\Users\mhvn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
C:\ProgramData\dsgsdgdsgdsgw.reg moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.bat moved successfully.
C:\Users\mhvn\wgsdgsdgdsgsd.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: AppData
 
User: Default
->Flash cache emptied: 56504 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: mhvn
->Flash cache emptied: 57046 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: mhvn
->Temp folder emptied: 176324 bytes
->Temporary Internet Files folder emptied: 9206993 bytes
->Java cache emptied: 266664 bytes
->FireFox cache emptied: 74959282 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36785 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 173097 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 81,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01112013_074741

Files\Folders moved on Reboot...
C:\Users\mhvn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Ich habe daraufhin Hitman laufen lassen, hierfür ebenfalls das Log

Code:
ATTFilter
HitmanPro 3.7.0.185
www.hitmanpro.com

   Computer name . . . . : ***
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : ***\mhvn
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-01-11 08:11:58
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 7s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 146

   Objects scanned . . . : 1.900.349
   Files scanned . . . . : 16.891
   Remnants scanned  . . : 396.531 files / 1.486.927 keys

Malware _____________________________________________________________________

   C:\_OTL\MovedFiles\01112013_074741\C_Users\mhvn\wgsdgsdgdsgsd.dll
      Size . . . . . . . : 256.000 bytes
      Age  . . . . . . . : 2.0 days (2013-01-09 08:02:05)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 8BF3641D72C70F410F3DA722B90FFEA47E7BDF2EA5F15753A903485B95417EEB
      Product  . . . . . : Операционная система Microsoft® Windows®
      Publisher  . . . . : Корпорация Майкрософт
      Description  . . . : Редактор дескрипторов безопасности
      Version  . . . . . : 5.1.2600.2180
      Copyright  . . . . : © Корпорация Майкрософт. Все права защищены.
    > G Data . . . . . . : Trojan.Generic.KDV.824832 (Engine A)
    > Ikarus . . . . . . : Trojan-Dropper.Win32.Injector!IK
      Fuzzy  . . . . . . : 103.0


Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Ask.com\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\BadgeManager.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\common.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\config.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\css\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\css\popup.css (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\events.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\btn-bg.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\footer.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\header-top-plain.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\header-top.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\like.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\linkedin.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\on-off-knob.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\on-off.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\plus-minus.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\plusone.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\settings.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\images\tweet.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\notificationManager.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\optout.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\logger.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\reports\view_report.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\rules.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\socialButtons.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\template.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\templates\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\templates\all.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_alert.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_allowed_sites.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\chrome\content\view_global.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\autoUpdate.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\background.html (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\bg.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\blank.html (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\common.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\config.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\config.xml (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\content.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\ContentPolicy.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\css\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\css\popup-ie.css (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\demo.html (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\demoRestricted.html (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\dntp.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPAddon.dll (AskBar)
      Size . . . . . . . : 470.976 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:55)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : FC338B27D65C57330BCF611B87C66ED46881C4DD766FE7B99B8394A757EBC795
      Product  . . . . . : Avira Do Not Track
      Publisher  . . . . : Abine
      Description  . . . : ScriptHost
      Version  . . . . . : 2.2.1.921
      Copyright  . . . . : Abine Inc.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPButton.dll (AskBar)
      Size . . . . . . . : 245.696 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:55)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 2FC13CADD383B20CF47883318AA4CBF6CED368985E4E4616AD55570017F89898
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPContentFilter.dll (AskBar)
      Size . . . . . . . : 925.120 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:55)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : A2E81FF4D5C5AAD8287A06AC267AD64C2E2E7E7453A4A0A3857F12248FC074C7
      Product  . . . . . : Avira Do Not Track
      Description  . . . : DNTP ContentFilter Module
      Version  . . . . . : 2.2.1.921
      Copyright  . . . . : Abine Inc. Copyright 2012
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -14.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPService.exe (AskBar)
      Size . . . . . . . : 300.480 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:55)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 5432AEF914EA963BF63277837A30B82B59008BCA2B3E79D82A3FDB87C7386BDA
      Product  . . . . . : Avira Do Not Track
      Publisher  . . . . : Abine Inc.
      Description  . . . : Avira Do Not Track Service
      Version  . . . . . : 2.2.1.921
      Copyright  . . . . : Abine Inc.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPServicePS.dll (AskBar)
      Size . . . . . . . : 51.136 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:55)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 79B321A17B6E4508921A90620F315FED39BA03F00D4FA2C848F62B89EAB837F8
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\DNTPTypes.dll (AskBar)
      Size . . . . . . . : 90.048 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:55)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : E1ECF35417E57AD8860CE5E99468F9B3D806F8C171EB6DBD5E06D2D41BE8160A
      Product  . . . . . : Avira Do Not Track
      Publisher  . . . . : Abine Inc.
      Description  . . . : Avira Do Not Track Shared Types
      Version  . . . . . : 2.2.1.921
      Copyright  . . . . : Abine Inc. All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\AbineSDK\IE\images\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\images\demoRestricted.png (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\json2.min.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\license.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\de\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\de\messages.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\en\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\en\messages.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\es\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\es\messages.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\fr\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\fr\messages.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\it\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\it\messages.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\nl\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\nl\messages.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\pt\ (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\locale\pt\messages.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\popup.html (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\socialButtons.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\view.js (AskBar)
   C:\Program Files (x86)\Ask.com\AbineSDK\IE\view_alert.js (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\ (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\b.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\bl.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\br.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\l.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\pointer.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\r.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\t.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\tl.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\tr.png (AskBar)
   C:\Program Files (x86)\Ask.com\AviraBrowserSecurity.exe (AskBar)
      Size . . . . . . . : 238.288 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 8BC084B9A03212CAB6820C194809747248BE05CABC657E5811645ECFC7D8D0B5
      Product  . . . . . : AviraBrowserSecurity
      Publisher  . . . . : APN LLC.
      Description  . . . : AviraBrowserSecurity
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\AviraCallingIDhelper.dll (AskBar)
      Size . . . . . . . : 145.104 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : AE8BC4D32E239646DEDBF7BD2B01E7E3581D45FF68F4E32D5ADB0FFC1E672EBE
      Product  . . . . . : AviraHelper
      Publisher  . . . . : APN LLC
      Description  . . . : Avira COM API Helper
      Version  . . . . . : 4.0.0.1
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -13.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\ (AskBar)
   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDCoreLight.dll (AskBar)
      Size . . . . . . . : 1.599.568 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 18054E5FD5B05EA000DE4E6BC3AD9D3115579E1E57C00D15649692DBCB196662
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.255
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -13.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLight.exe (AskBar)
      Size . . . . . . . : 1.185.872 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : F7C2DF158D54D34167F9F454E2BD1776476DCA761E14358C59C1C81F5B2D0727
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.255
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Running processes  : 5312
      Fuzzy  . . . . . . : -13.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDGlobalLightPS.dll (AskBar)
      Size . . . . . . . : 71.760 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 4C65E65F7E94F09BC5AA2C1AF8BDA84D25DCB9DB498BCDBFA1F2B2C26EA7D475
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.255
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLight.exe (AskBar)
      Size . . . . . . . : 145.488 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 739DAC31AA8B97FE0AA1F3E3AE8A0CAC4901CB3E6D59C0DB23DAAB268B80B638
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.255
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\CallingIDSDK\CIDWPADLightPS.dll (AskBar)
      Size . . . . . . . : 71.760 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 5.4
      SHA-256  . . . . . : 10FFDE37622D2B73D14CAC1A2619BE5E3B94ADD3EF7108BEE03917C9461FF95F
      Product  . . . . . : CallingID
      Publisher  . . . . : CallingID Ltd.
      Version  . . . . . : 2.0.0.255
      Copyright  . . . . : CallingID (c). All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0

   C:\Program Files (x86)\Ask.com\cb_e292.ico (AskBar)
   C:\Program Files (x86)\Ask.com\cobrand.ico (AskBar)
   C:\Program Files (x86)\Ask.com\config.xml (AskBar)
   C:\Program Files (x86)\Ask.com\favicon.ico (AskBar)
   C:\Program Files (x86)\Ask.com\fv_d3d2.ico (AskBar)
   C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (AskBar)
      Size . . . . . . . : 1.521.872 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 302241BADAFD25343D468E5D417CDB485BA7A801ADE4704E5A06B19F0D15CFB4
      Product  . . . . . : Toolbar
      Publisher  . . . . : Ask
      Description  . . . : Avira SearchFree Toolbar
      Version  . . . . . : 5.15.11.30498
      Copyright  . . . . : (c) Ask.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -17.0
      Startup
         HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\
         HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
         HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
      References
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\
         HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1\
         HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd\
         HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\
         HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\

   C:\Program Files (x86)\Ask.com\mupcfg.xml (AskBar)
   C:\Program Files (x86)\Ask.com\precache.exe (AskBar)
      Size . . . . . . . : 70.864 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : D9281B29A4AB1C3560062F4B26149712C1D99B21DF62CC5117BF47D546A32094
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\SaUpdate.exe (AskBar)
      Size . . . . . . . : 197.840 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : F0620259BF5A5B4211CFDE599DAD34120A11D186D12E68DEC42FDB16D3D50B96
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\Updater\ (AskBar)
   C:\Program Files (x86)\Ask.com\Updater\config.xml (AskBar)
   C:\Program Files (x86)\Ask.com\Updater\Updater.exe (AskBar)
      Size . . . . . . . : 1.573.584 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 84F1FE06F8914D5218D44C9E222A0893CD752A8E23B2AF0649BD9DF81D2A57C9
      Product  . . . . . : Updater
      Publisher  . . . . : Ask
      Description  . . . : Ask Updater
      Version  . . . . . : 1.2.3.30498
      Copyright  . . . . : (c) Ask.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -19.0

   C:\Program Files (x86)\Ask.com\UpdateTask.exe (AskBar)
      Size . . . . . . . : 136.400 bytes
      Age  . . . . . . . : 46.9 days (2012-11-25 09:56:54)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : B873C97B5889E836627F99D9C42CFC49A30F6C53FAC549546951D65358EA733F
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -13.0

   C:\Users\mhvn\AppData\LocalLow\AskToolbar\ (AskBar)
   C:\Users\mhvn\AppData\LocalLow\AskToolbar\APNU\ (AskBar)
   C:\Users\mhvn\AppData\LocalLow\AskToolbar\APNU\config.xml (AskBar)
   C:\Users\mhvn\AppData\LocalLow\AskToolbar\APNU\extensions.sqlite (AskBar)
   C:\Users\mhvn\AppData\LocalLow\AskToolbar\osearch.xml (AskBar)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1031.MST (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\Software\Ask.com\ (AskBar)
   HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\Software\Softonic\ (Softonic)
         

Alt 11.01.2013, 15:27   #7
markusg
/// Malware-holic
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



ich wollte aber kein neues Log, oben steht ja, die bisher erstellten, lesen bitte.
Also, poste bitte ältere Logs, falls vorhanden, von hitman.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.01.2013, 21:36   #8
centurio_bla
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Ein altes Log (von davor) von Hitman liegt nicht vor, daher hatte ich einen Log von danach gepostet.

Hier das Log von TDSSKiller:

Code:
ATTFilter
22:20:19.0047 5400  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:20:21.0075 5400  ============================================================
22:20:21.0075 5400  Current date / time: 2013/01/11 22:20:21.0075
22:20:21.0075 5400  SystemInfo:
22:20:21.0075 5400  
22:20:21.0075 5400  OS Version: 6.1.7601 ServicePack: 1.0
22:20:21.0075 5400  Product type: Workstation
22:20:21.0075 5400  ComputerName: ***
22:20:21.0075 5400  UserName: mhvn
22:20:21.0075 5400  Windows directory: C:\Windows
22:20:21.0075 5400  System windows directory: C:\Windows
22:20:21.0075 5400  Running under WOW64
22:20:21.0075 5400  Processor architecture: Intel x64
22:20:21.0075 5400  Number of processors: 4
22:20:21.0075 5400  Page size: 0x1000
22:20:21.0075 5400  Boot type: Normal boot
22:20:21.0075 5400  ============================================================
22:20:22.0151 5400  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:20:22.0167 5400  ============================================================
22:20:22.0167 5400  \Device\Harddisk0\DR0:
22:20:22.0167 5400  MBR partitions:
22:20:22.0167 5400  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x150A000, BlocksNum 0x32000
22:20:22.0167 5400  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x153C000, BlocksNum 0x38E49830
22:20:22.0167 5400  ============================================================
22:20:22.0198 5400  C: <-> \Device\Harddisk0\DR0\Partition2
22:20:22.0198 5400  ============================================================
22:20:22.0198 5400  Initialize success
22:20:22.0198 5400  ============================================================
22:21:21.0431 5496  ============================================================
22:21:21.0431 5496  Scan started
22:21:21.0431 5496  Mode: Manual; SigCheck; TDLFS; 
22:21:21.0431 5496  ============================================================
22:21:22.0711 5496  ================ Scan system memory ========================
22:21:22.0711 5496  System memory - ok
22:21:22.0726 5496  ================ Scan services =============================
22:21:22.0945 5496  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:21:23.0147 5496  1394ohci - ok
22:21:23.0225 5496  [ 056FAAFF049CA7237194065423307189 ] acedrv05        C:\Windows\system32\drivers\acedrv05.sys
22:21:23.0288 5496  acedrv05 ( UnsignedFile.Multi.Generic ) - warning
22:21:23.0288 5496  acedrv05 - detected UnsignedFile.Multi.Generic (1)
22:21:23.0335 5496  [ CF43E9BAEBD41844856D14DBE9C07CD7 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
22:21:23.0397 5496  acedrv11 - ok
22:21:23.0444 5496  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:21:23.0491 5496  ACPI - ok
22:21:23.0553 5496  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:21:23.0803 5496  AcpiPmi - ok
22:21:23.0990 5496  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:21:24.0021 5496  AdobeFlashPlayerUpdateSvc - ok
22:21:24.0083 5496  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:21:24.0146 5496  adp94xx - ok
22:21:24.0177 5496  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:21:24.0239 5496  adpahci - ok
22:21:24.0271 5496  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:21:24.0302 5496  adpu320 - ok
22:21:24.0333 5496  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:21:24.0536 5496  AeLookupSvc - ok
22:21:24.0583 5496  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:21:24.0723 5496  AFD - ok
22:21:24.0770 5496  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:21:24.0817 5496  agp440 - ok
22:21:24.0863 5496  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:21:25.0004 5496  ALG - ok
22:21:25.0051 5496  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:21:25.0082 5496  aliide - ok
22:21:25.0129 5496  [ 3F9B03B72577A6A7405BF30801CBD159 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:21:25.0222 5496  AMD External Events Utility - ok
22:21:25.0285 5496  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:21:25.0331 5496  amdide - ok
22:21:25.0394 5496  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:21:25.0519 5496  AmdK8 - ok
22:21:25.0706 5496  [ EA244A8B88DE8B5986BF3B7903B063AF ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:21:26.0158 5496  amdkmdag - ok
22:21:26.0221 5496  [ DCA6E341A4A7C31EA8A14C6166C9B249 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:21:26.0299 5496  amdkmdap - ok
22:21:26.0330 5496  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:21:26.0408 5496  AmdPPM - ok
22:21:26.0486 5496  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:21:26.0533 5496  amdsata - ok
22:21:26.0564 5496  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:21:26.0611 5496  amdsbs - ok
22:21:26.0611 5496  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:21:26.0657 5496  amdxata - ok
22:21:26.0860 5496  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:21:26.0876 5496  AntiVirSchedulerService - ok
22:21:26.0954 5496  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:21:26.0969 5496  AntiVirService - ok
22:21:27.0016 5496  [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:21:27.0047 5496  AntiVirWebService - ok
22:21:27.0110 5496  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:21:27.0344 5496  AppID - ok
22:21:27.0391 5496  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:21:27.0500 5496  AppIDSvc - ok
22:21:27.0531 5496  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:21:27.0640 5496  Appinfo - ok
22:21:27.0749 5496  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:21:27.0781 5496  Apple Mobile Device - ok
22:21:27.0827 5496  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:21:27.0859 5496  arc - ok
22:21:27.0890 5496  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:21:27.0937 5496  arcsas - ok
22:21:27.0968 5496  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
22:21:27.0983 5496  ArcSoftKsUFilter - ok
22:21:28.0015 5496  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:21:28.0124 5496  AsyncMac - ok
22:21:28.0171 5496  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:21:28.0202 5496  atapi - ok
22:21:28.0280 5496  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:21:28.0467 5496  athr - ok
22:21:28.0670 5496  [ EA244A8B88DE8B5986BF3B7903B063AF ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:21:28.0873 5496  atikmdag - ok
22:21:28.0919 5496  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:21:29.0075 5496  AudioEndpointBuilder - ok
22:21:29.0107 5496  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:21:29.0216 5496  AudioSrv - ok
22:21:29.0263 5496  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:21:29.0309 5496  avgntflt - ok
22:21:29.0341 5496  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:21:29.0387 5496  avipbb - ok
22:21:29.0450 5496  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:21:29.0481 5496  avkmgr - ok
22:21:29.0528 5496  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:21:29.0653 5496  AxInstSV - ok
22:21:29.0699 5496  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:21:29.0793 5496  b06bdrv - ok
22:21:29.0855 5496  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:21:29.0933 5496  b57nd60a - ok
22:21:29.0996 5496  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:21:30.0089 5496  BDESVC - ok
22:21:30.0121 5496  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:21:30.0261 5496  Beep - ok
22:21:30.0323 5496  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:21:30.0448 5496  BFE - ok
22:21:30.0495 5496  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
22:21:30.0682 5496  BITS - ok
22:21:30.0760 5496  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:21:30.0791 5496  Bonjour Service - ok
22:21:30.0838 5496  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:21:30.0901 5496  bowser - ok
22:21:30.0932 5496  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:21:31.0025 5496  BrFiltLo - ok
22:21:31.0072 5496  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:21:31.0103 5496  BrFiltUp - ok
22:21:31.0150 5496  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:21:31.0213 5496  Browser - ok
22:21:31.0259 5496  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:21:31.0369 5496  Brserid - ok
22:21:31.0384 5496  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:21:31.0447 5496  BrSerWdm - ok
22:21:31.0509 5496  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:21:31.0571 5496  BrUsbMdm - ok
22:21:31.0603 5496  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:21:31.0665 5496  BrUsbSer - ok
22:21:31.0759 5496  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:21:31.0868 5496  BthEnum - ok
22:21:31.0915 5496  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:21:32.0008 5496  BTHMODEM - ok
22:21:32.0071 5496  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:21:32.0133 5496  BthPan - ok
22:21:32.0227 5496  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:21:32.0367 5496  BTHPORT - ok
22:21:32.0414 5496  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:21:32.0507 5496  bthserv - ok
22:21:32.0570 5496  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:21:32.0617 5496  BTHUSB - ok
22:21:32.0663 5496  [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
22:21:32.0695 5496  btusbflt - ok
22:21:32.0741 5496  [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
22:21:32.0773 5496  btwaudio - ok
22:21:32.0804 5496  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
22:21:32.0835 5496  btwavdt - ok
22:21:32.0944 5496  [ 31DA517946FFE416442E864592548F8A ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:21:33.0007 5496  btwdins - ok
22:21:33.0038 5496  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
22:21:33.0053 5496  btwl2cap - ok
22:21:33.0085 5496  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
22:21:33.0116 5496  btwrchid - ok
22:21:33.0163 5496  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:21:33.0319 5496  cdfs - ok
22:21:33.0365 5496  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:21:33.0459 5496  cdrom - ok
22:21:33.0506 5496  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:21:33.0631 5496  CertPropSvc - ok
22:21:33.0709 5496  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:21:33.0755 5496  circlass - ok
22:21:33.0802 5496  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:21:33.0849 5496  CLFS - ok
22:21:33.0911 5496  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:21:33.0958 5496  clr_optimization_v2.0.50727_32 - ok
22:21:34.0021 5496  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:21:34.0052 5496  clr_optimization_v2.0.50727_64 - ok
22:21:34.0130 5496  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:21:34.0192 5496  clr_optimization_v4.0.30319_32 - ok
22:21:34.0270 5496  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:21:34.0286 5496  clr_optimization_v4.0.30319_64 - ok
22:21:34.0333 5496  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
22:21:34.0379 5496  CmBatt - ok
22:21:34.0426 5496  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:21:34.0457 5496  cmdide - ok
22:21:34.0504 5496  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:21:34.0598 5496  CNG - ok
22:21:34.0645 5496  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:21:34.0676 5496  Compbatt - ok
22:21:34.0707 5496  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:21:34.0754 5496  CompositeBus - ok
22:21:34.0769 5496  COMSysApp - ok
22:21:34.0785 5496  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:21:34.0832 5496  crcdisk - ok
22:21:34.0863 5496  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:21:34.0925 5496  CryptSvc - ok
22:21:34.0988 5496  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:21:35.0128 5496  DcomLaunch - ok
22:21:35.0159 5496  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:21:35.0331 5496  defragsvc - ok
22:21:35.0393 5496  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:21:35.0518 5496  DfsC - ok
22:21:35.0565 5496  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:21:35.0643 5496  Dhcp - ok
22:21:35.0659 5496  DIRECTIO - ok
22:21:35.0690 5496  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:21:35.0846 5496  discache - ok
22:21:35.0861 5496  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:21:35.0908 5496  Disk - ok
22:21:35.0939 5496  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:21:35.0986 5496  Dnscache - ok
22:21:36.0033 5496  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:21:36.0173 5496  dot3svc - ok
22:21:36.0236 5496  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
22:21:36.0329 5496  Dot4 - ok
22:21:36.0376 5496  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:21:36.0423 5496  Dot4Print - ok
22:21:36.0485 5496  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
22:21:36.0563 5496  dot4usb - ok
22:21:36.0610 5496  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:21:36.0735 5496  DPS - ok
22:21:36.0782 5496  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:21:36.0844 5496  drmkaud - ok
22:21:36.0907 5496  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:21:37.0000 5496  DXGKrnl - ok
22:21:37.0047 5496  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:21:37.0141 5496  EapHost - ok
22:21:37.0250 5496  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:21:37.0499 5496  ebdrv - ok
22:21:37.0531 5496  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:21:37.0577 5496  EFS - ok
22:21:37.0640 5496  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:21:37.0796 5496  ehRecvr - ok
22:21:37.0827 5496  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:21:37.0921 5496  ehSched - ok
22:21:37.0952 5496  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:21:38.0014 5496  elxstor - ok
22:21:38.0061 5496  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:21:38.0123 5496  ErrDev - ok
22:21:38.0170 5496  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:21:38.0295 5496  EventSystem - ok
22:21:38.0373 5496  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:21:38.0467 5496  exfat - ok
22:21:38.0498 5496  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:21:38.0607 5496  fastfat - ok
22:21:38.0654 5496  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:21:38.0747 5496  Fax - ok
22:21:38.0779 5496  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:21:38.0825 5496  fdc - ok
22:21:38.0857 5496  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:21:38.0966 5496  fdPHost - ok
22:21:38.0997 5496  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:21:39.0106 5496  FDResPub - ok
22:21:39.0137 5496  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:21:39.0169 5496  FileInfo - ok
22:21:39.0184 5496  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:21:39.0325 5496  Filetrace - ok
22:21:39.0434 5496  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:21:39.0527 5496  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:21:39.0527 5496  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:21:39.0559 5496  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:21:39.0605 5496  flpydisk - ok
22:21:39.0652 5496  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:21:39.0699 5496  FltMgr - ok
22:21:39.0824 5496  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
22:21:39.0933 5496  FontCache - ok
22:21:40.0011 5496  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:21:40.0058 5496  FontCache3.0.0.0 - ok
22:21:40.0089 5496  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:21:40.0136 5496  FsDepends - ok
22:21:40.0183 5496  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
22:21:40.0214 5496  fssfltr - ok
22:21:40.0401 5496  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:21:40.0697 5496  fsssvc - ok
22:21:40.0760 5496  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:21:40.0775 5496  Fs_Rec - ok
22:21:40.0838 5496  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:21:40.0885 5496  fvevol - ok
22:21:40.0916 5496  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:21:40.0978 5496  gagp30kx - ok
22:21:41.0041 5496  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:21:41.0072 5496  GEARAspiWDM - ok
22:21:41.0134 5496  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:21:41.0275 5496  gpsvc - ok
22:21:41.0353 5496  [ 626A24ED1228580B9518C01930936DF9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:21:41.0384 5496  gupdate - ok
22:21:41.0431 5496  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:21:41.0446 5496  gupdatem - ok
22:21:41.0493 5496  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:21:41.0555 5496  hcw85cir - ok
22:21:41.0602 5496  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:21:41.0665 5496  HdAudAddService - ok
22:21:41.0696 5496  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:21:41.0758 5496  HDAudBus - ok
22:21:41.0836 5496  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
22:21:41.0867 5496  HECIx64 - ok
22:21:41.0899 5496  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:21:41.0961 5496  HidBatt - ok
22:21:41.0992 5496  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:21:42.0055 5496  HidBth - ok
22:21:42.0101 5496  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:21:42.0164 5496  HidIr - ok
22:21:42.0179 5496  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:21:42.0304 5496  hidserv - ok
22:21:42.0367 5496  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
22:21:42.0398 5496  HidUsb - ok
22:21:42.0460 5496  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:21:42.0554 5496  hkmsvc - ok
22:21:42.0601 5496  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:21:42.0663 5496  HomeGroupListener - ok
22:21:42.0725 5496  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:21:42.0772 5496  HomeGroupProvider - ok
22:21:42.0928 5496  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:21:42.0975 5496  hpqcxs08 - ok
22:21:43.0037 5496  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:21:43.0053 5496  hpqddsvc - ok
22:21:43.0084 5496  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:21:43.0115 5496  HpSAMD - ok
22:21:43.0225 5496  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:21:43.0303 5496  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:21:43.0303 5496  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:21:43.0349 5496  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:21:43.0521 5496  HTTP - ok
22:21:43.0599 5496  [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:21:43.0693 5496  hwdatacard - ok
22:21:43.0724 5496  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:21:43.0755 5496  hwpolicy - ok
22:21:43.0833 5496  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:21:43.0864 5496  i8042prt - ok
22:21:43.0927 5496  [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
22:21:43.0973 5496  iaStor - ok
22:21:44.0036 5496  [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:21:44.0051 5496  IAStorDataMgrSvc - ok
22:21:44.0098 5496  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:21:44.0161 5496  iaStorV - ok
22:21:44.0223 5496  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:21:44.0363 5496  idsvc - ok
22:21:44.0613 5496  [ 31D1AFF484D8A0906CF8D44251EC390F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:21:45.0003 5496  igfx ( UnsignedFile.Multi.Generic ) - warning
22:21:45.0003 5496  igfx - detected UnsignedFile.Multi.Generic (1)
22:21:45.0050 5496  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:21:45.0081 5496  iirsp - ok
22:21:45.0143 5496  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:21:45.0268 5496  IKEEXT - ok
22:21:45.0346 5496  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
22:21:45.0377 5496  Impcd - ok
22:21:45.0487 5496  [ 0F144E5F46CB9043004B5E84AA4BCA6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:21:45.0721 5496  IntcAzAudAddService - ok
22:21:45.0767 5496  [ 408B401CD7CDB075C7470B0FF7BA8D0B ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:21:45.0814 5496  IntcDAud ( UnsignedFile.Multi.Generic ) - warning
22:21:45.0814 5496  IntcDAud - detected UnsignedFile.Multi.Generic (1)
22:21:45.0845 5496  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:21:45.0892 5496  intelide - ok
22:21:45.0939 5496  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
22:21:45.0986 5496  intelppm - ok
22:21:46.0017 5496  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:21:46.0142 5496  IPBusEnum - ok
22:21:46.0189 5496  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:21:46.0298 5496  IpFilterDriver - ok
22:21:46.0329 5496  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:21:46.0423 5496  iphlpsvc - ok
22:21:46.0454 5496  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:21:46.0501 5496  IPMIDRV - ok
22:21:46.0547 5496  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:21:46.0672 5496  IPNAT - ok
22:21:46.0719 5496  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:21:46.0797 5496  iPod Service - ok
22:21:46.0828 5496  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:21:46.0969 5496  IRENUM - ok
22:21:47.0031 5496  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:21:47.0062 5496  isapnp - ok
22:21:47.0109 5496  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:21:47.0156 5496  iScsiPrt - ok
22:21:47.0171 5496  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:21:47.0203 5496  kbdclass - ok
22:21:47.0234 5496  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:21:47.0281 5496  kbdhid - ok
22:21:47.0312 5496  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:21:47.0327 5496  KeyIso - ok
22:21:47.0390 5496  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:21:47.0421 5496  KSecDD - ok
22:21:47.0452 5496  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:21:47.0499 5496  KSecPkg - ok
22:21:47.0530 5496  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:21:47.0639 5496  ksthunk - ok
22:21:47.0686 5496  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:21:47.0827 5496  KtmRm - ok
22:21:47.0873 5496  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:21:47.0983 5496  LanmanServer - ok
22:21:48.0029 5496  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:21:48.0123 5496  LanmanWorkstation - ok
22:21:48.0185 5496  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:21:48.0295 5496  lltdio - ok
22:21:48.0326 5496  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:21:48.0451 5496  lltdsvc - ok
22:21:48.0466 5496  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:21:48.0560 5496  lmhosts - ok
22:21:48.0622 5496  [ 5460828F8951D310B42B442877603B8D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:21:48.0653 5496  LMS - ok
22:21:48.0685 5496  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:21:48.0716 5496  LSI_FC - ok
22:21:48.0731 5496  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:21:48.0778 5496  LSI_SAS - ok
22:21:48.0809 5496  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:21:48.0841 5496  LSI_SAS2 - ok
22:21:48.0872 5496  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:21:48.0919 5496  LSI_SCSI - ok
22:21:48.0934 5496  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:21:49.0075 5496  luafv - ok
22:21:49.0121 5496  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:21:49.0137 5496  MBAMProtector - ok
22:21:49.0215 5496  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:21:49.0246 5496  MBAMScheduler - ok
22:21:49.0277 5496  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:21:49.0309 5496  MBAMService - ok
22:21:49.0355 5496  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:21:49.0387 5496  Mcx2Svc - ok
22:21:49.0433 5496  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:21:49.0465 5496  megasas - ok
22:21:49.0511 5496  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:21:49.0558 5496  MegaSR - ok
22:21:49.0589 5496  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:21:49.0714 5496  MMCSS - ok
22:21:49.0730 5496  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:21:49.0855 5496  Modem - ok
22:21:49.0870 5496  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:21:49.0933 5496  monitor - ok
22:21:49.0979 5496  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
22:21:50.0026 5496  mouclass - ok
22:21:50.0057 5496  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
22:21:50.0089 5496  mouhid - ok
22:21:50.0135 5496  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:21:50.0167 5496  mountmgr - ok
22:21:50.0245 5496  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:21:50.0307 5496  MozillaMaintenance - ok
22:21:50.0354 5496  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:21:50.0401 5496  mpio - ok
22:21:50.0416 5496  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:21:50.0525 5496  mpsdrv - ok
22:21:50.0557 5496  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:21:50.0697 5496  MpsSvc - ok
22:21:50.0728 5496  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:21:50.0806 5496  MRxDAV - ok
22:21:50.0837 5496  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:21:50.0900 5496  mrxsmb - ok
22:21:50.0931 5496  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:21:50.0993 5496  mrxsmb10 - ok
22:21:51.0025 5496  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:21:51.0087 5496  mrxsmb20 - ok
22:21:51.0134 5496  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:21:51.0165 5496  msahci - ok
22:21:51.0196 5496  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:21:51.0227 5496  msdsm - ok
22:21:51.0259 5496  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:21:51.0305 5496  MSDTC - ok
22:21:51.0337 5496  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:21:51.0430 5496  Msfs - ok
22:21:51.0461 5496  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:21:51.0555 5496  mshidkmdf - ok
22:21:51.0586 5496  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:21:51.0617 5496  msisadrv - ok
22:21:51.0680 5496  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:21:51.0789 5496  MSiSCSI - ok
22:21:51.0805 5496  msiserver - ok
22:21:51.0836 5496  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:21:51.0961 5496  MSKSSRV - ok
22:21:51.0976 5496  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:21:52.0085 5496  MSPCLOCK - ok
22:21:52.0101 5496  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:21:52.0226 5496  MSPQM - ok
22:21:52.0273 5496  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:21:52.0319 5496  MsRPC - ok
22:21:52.0382 5496  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:21:52.0397 5496  mssmbios - ok
22:21:52.0429 5496  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:21:52.0538 5496  MSTEE - ok
22:21:52.0569 5496  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:21:52.0616 5496  MTConfig - ok
22:21:52.0647 5496  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:21:52.0678 5496  Mup - ok
22:21:52.0725 5496  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:21:52.0850 5496  napagent - ok
22:21:52.0912 5496  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:21:53.0006 5496  NativeWifiP - ok
22:21:53.0099 5496  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:21:53.0177 5496  NDIS - ok
22:21:53.0224 5496  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:21:53.0349 5496  NdisCap - ok
22:21:53.0365 5496  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:21:53.0474 5496  NdisTapi - ok
22:21:53.0505 5496  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:21:53.0614 5496  Ndisuio - ok
22:21:53.0645 5496  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:21:53.0770 5496  NdisWan - ok
22:21:53.0801 5496  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:21:53.0926 5496  NDProxy - ok
22:21:53.0989 5496  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:21:54.0020 5496  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:21:54.0020 5496  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:21:54.0082 5496  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:21:54.0191 5496  NetBIOS - ok
22:21:54.0238 5496  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:21:54.0363 5496  NetBT - ok
22:21:54.0394 5496  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:21:54.0425 5496  Netlogon - ok
22:21:54.0472 5496  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:21:54.0597 5496  Netman - ok
22:21:54.0628 5496  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:21:54.0769 5496  netprofm - ok
22:21:54.0800 5496  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:21:54.0847 5496  NetTcpPortSharing - ok
22:21:54.0878 5496  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:21:54.0909 5496  nfrd960 - ok
22:21:54.0925 5496  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:21:54.0987 5496  NlaSvc - ok
22:21:55.0018 5496  nmwcdcx64 - ok
22:21:55.0034 5496  nmwcdx64 - ok
22:21:55.0081 5496  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:21:55.0174 5496  Npfs - ok
22:21:55.0205 5496  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:21:55.0315 5496  nsi - ok
22:21:55.0361 5496  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:21:55.0471 5496  nsiproxy - ok
22:21:55.0549 5496  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:21:55.0736 5496  Ntfs - ok
22:21:55.0736 5496  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:21:55.0845 5496  Null - ok
22:21:55.0861 5496  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:21:55.0907 5496  nvraid - ok
22:21:55.0954 5496  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:21:56.0001 5496  nvstor - ok
22:21:56.0048 5496  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:21:56.0079 5496  nv_agp - ok
22:21:56.0095 5496  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:21:56.0157 5496  ohci1394 - ok
22:21:56.0204 5496  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:21:56.0266 5496  ose - ok
22:21:56.0313 5496  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:21:56.0391 5496  p2pimsvc - ok
22:21:56.0453 5496  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:21:56.0485 5496  p2psvc - ok
22:21:56.0516 5496  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:21:56.0547 5496  Parport - ok
22:21:56.0578 5496  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:21:56.0625 5496  partmgr - ok
22:21:56.0656 5496  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:21:56.0719 5496  PcaSvc - ok
22:21:56.0734 5496  pccsmcfd - ok
22:21:56.0765 5496  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:21:56.0797 5496  pci - ok
22:21:56.0859 5496  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:21:56.0890 5496  pciide - ok
22:21:56.0921 5496  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:21:56.0968 5496  pcmcia - ok
22:21:56.0999 5496  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:21:57.0031 5496  pcw - ok
22:21:57.0093 5496  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:21:57.0249 5496  PEAUTH - ok
22:21:57.0358 5496  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:21:57.0436 5496  PerfHost - ok
22:21:57.0530 5496  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:21:57.0733 5496  pla - ok
22:21:57.0795 5496  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:21:57.0857 5496  PlugPlay - ok
22:21:57.0951 5496  [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
22:21:58.0013 5496  PMBDeviceInfoProvider - ok
22:21:58.0091 5496  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:21:58.0123 5496  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:21:58.0123 5496  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:21:58.0138 5496  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:21:58.0185 5496  PNRPAutoReg - ok
22:21:58.0232 5496  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:21:58.0263 5496  PNRPsvc - ok
22:21:58.0325 5496  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:21:58.0450 5496  PolicyAgent - ok
22:21:58.0497 5496  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:21:58.0606 5496  Power - ok
22:21:58.0684 5496  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:21:58.0793 5496  PptpMiniport - ok
22:21:58.0825 5496  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:21:58.0871 5496  Processor - ok
22:21:58.0934 5496  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:21:58.0996 5496  ProfSvc - ok
22:21:59.0012 5496  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:21:59.0027 5496  ProtectedStorage - ok
22:21:59.0074 5496  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:21:59.0183 5496  Psched - ok
22:21:59.0230 5496  [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
22:21:59.0261 5496  PxHlpa64 - ok
22:21:59.0339 5496  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:21:59.0480 5496  ql2300 - ok
22:21:59.0542 5496  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:21:59.0589 5496  ql40xx - ok
22:21:59.0620 5496  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:21:59.0683 5496  QWAVE - ok
22:21:59.0698 5496  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:21:59.0745 5496  QWAVEdrv - ok
22:21:59.0776 5496  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:21:59.0885 5496  RasAcd - ok
22:21:59.0917 5496  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:22:00.0010 5496  RasAgileVpn - ok
22:22:00.0026 5496  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:22:00.0135 5496  RasAuto - ok
22:22:00.0166 5496  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:22:00.0291 5496  Rasl2tp - ok
22:22:00.0353 5496  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:22:00.0494 5496  RasMan - ok
22:22:00.0541 5496  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:22:00.0665 5496  RasPppoe - ok
22:22:00.0712 5496  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:22:00.0837 5496  RasSstp - ok
22:22:00.0884 5496  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:22:01.0024 5496  rdbss - ok
22:22:01.0040 5496  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:22:01.0102 5496  rdpbus - ok
22:22:01.0133 5496  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:22:01.0243 5496  RDPCDD - ok
22:22:01.0289 5496  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:22:01.0399 5496  RDPENCDD - ok
22:22:01.0430 5496  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:22:01.0523 5496  RDPREFMP - ok
22:22:01.0586 5496  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:22:01.0648 5496  RDPWD - ok
22:22:01.0695 5496  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:22:01.0742 5496  rdyboost - ok
22:22:01.0773 5496  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:22:01.0898 5496  RemoteAccess - ok
22:22:01.0929 5496  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:22:02.0069 5496  RemoteRegistry - ok
22:22:02.0101 5496  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:22:02.0179 5496  RFCOMM - ok
22:22:02.0225 5496  [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci         C:\Windows\system32\DRIVERS\rimssne64.sys
22:22:02.0272 5496  rimspci - ok
22:22:02.0319 5496  [ BB6E138AEB351728959DA5E2731D8140 ] risdsnpe        C:\Windows\system32\DRIVERS\risdsne64.sys
22:22:02.0397 5496  risdsnpe - ok
22:22:02.0428 5496  [ D151224BC11078895A60FA970728FF59 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
22:22:02.0522 5496  Roxio UPnP Renderer 10 - ok
22:22:02.0537 5496  [ 5022A927944878BD750960BD21E751AF ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
22:22:02.0600 5496  Roxio Upnp Server 10 - ok
22:22:02.0631 5496  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:22:02.0725 5496  RpcEptMapper - ok
22:22:02.0740 5496  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:22:02.0771 5496  RpcLocator - ok
22:22:02.0803 5496  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:22:02.0896 5496  RpcSs - ok
22:22:02.0927 5496  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:22:03.0021 5496  rspndr - ok
22:22:03.0052 5496  [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
22:22:03.0099 5496  RTHDMIAzAudService - ok
22:22:03.0146 5496  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:22:03.0161 5496  SamSs - ok
22:22:03.0193 5496  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:22:03.0239 5496  sbp2port - ok
22:22:03.0317 5496  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:22:03.0380 5496  SBSDWSCService - ok
22:22:03.0411 5496  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:22:03.0520 5496  SCardSvr - ok
22:22:03.0551 5496  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:22:03.0661 5496  scfilter - ok
22:22:03.0739 5496  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:22:03.0879 5496  Schedule - ok
22:22:03.0910 5496  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:22:04.0004 5496  SCPolicySvc - ok
22:22:04.0019 5496  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
22:22:04.0097 5496  sdbus - ok
22:22:04.0144 5496  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:22:04.0222 5496  SDRSVC - ok
22:22:04.0269 5496  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:22:04.0394 5496  secdrv - ok
22:22:04.0441 5496  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:22:04.0550 5496  seclogon - ok
22:22:04.0581 5496  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:22:04.0690 5496  SENS - ok
22:22:04.0721 5496  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:22:04.0768 5496  SensrSvc - ok
22:22:04.0815 5496  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:22:04.0846 5496  Serenum - ok
22:22:04.0893 5496  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
22:22:04.0955 5496  Serial - ok
22:22:05.0018 5496  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:22:05.0080 5496  sermouse - ok
22:22:05.0127 5496  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:22:05.0252 5496  SessionEnv - ok
22:22:05.0283 5496  [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP            C:\Windows\system32\drivers\SFEP.sys
22:22:05.0345 5496  SFEP - ok
22:22:05.0377 5496  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:22:05.0439 5496  sffdisk - ok
22:22:05.0455 5496  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:22:05.0533 5496  sffp_mmc - ok
22:22:05.0533 5496  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:22:05.0595 5496  sffp_sd - ok
22:22:05.0626 5496  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:22:05.0673 5496  sfloppy - ok
22:22:05.0704 5496  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:22:05.0845 5496  SharedAccess - ok
22:22:05.0876 5496  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:22:05.0985 5496  ShellHWDetection - ok
22:22:06.0032 5496  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:22:06.0063 5496  SiSRaid2 - ok
22:22:06.0079 5496  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:22:06.0125 5496  SiSRaid4 - ok
22:22:06.0172 5496  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:22:06.0328 5496  SkypeUpdate - ok
22:22:06.0359 5496  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:22:06.0469 5496  Smb - ok
22:22:06.0515 5496  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:22:06.0578 5496  SNMPTRAP - ok
22:22:06.0656 5496  [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
22:22:06.0703 5496  SOHCImp - ok
22:22:06.0765 5496  [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr        C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
22:22:06.0812 5496  SOHDBSvr - ok
22:22:06.0843 5496  [ 556681BE668D71DC162391A45422B52C ] SOHDms          C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
22:22:06.0905 5496  SOHDms - ok
22:22:06.0952 5496  [ 72B46103E4111439109ACF5882627C24 ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
22:22:07.0015 5496  SOHDs - ok
22:22:07.0061 5496  [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr        C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
22:22:07.0124 5496  SOHPlMgr - ok
22:22:07.0155 5496  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:22:07.0202 5496  spldr - ok
22:22:07.0311 5496  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:22:07.0389 5496  Spooler - ok
22:22:07.0514 5496  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:22:07.0795 5496  sppsvc - ok
22:22:07.0826 5496  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:22:07.0951 5496  sppuinotify - ok
22:22:07.0997 5496  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:22:08.0091 5496  srv - ok
22:22:08.0107 5496  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:22:08.0185 5496  srv2 - ok
22:22:08.0200 5496  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:22:08.0263 5496  srvnet - ok
22:22:08.0325 5496  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:22:08.0434 5496  SSDPSRV - ok
22:22:08.0497 5496  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:22:08.0606 5496  SstpSvc - ok
22:22:08.0653 5496  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:22:08.0684 5496  stexstor - ok
22:22:08.0762 5496  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
22:22:08.0824 5496  StillCam - ok
22:22:08.0871 5496  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:22:08.0949 5496  stisvc - ok
22:22:08.0980 5496  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:22:09.0011 5496  swenum - ok
22:22:09.0043 5496  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:22:09.0199 5496  swprv - ok
22:22:09.0261 5496  [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP           C:\Windows\system32\drivers\SynTP.sys
22:22:09.0308 5496  SynTP - ok
22:22:09.0386 5496  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:22:09.0557 5496  SysMain - ok
22:22:09.0589 5496  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:22:09.0651 5496  TabletInputService - ok
22:22:09.0667 5496  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:22:09.0776 5496  TapiSrv - ok
22:22:09.0823 5496  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:22:09.0932 5496  TBS - ok
22:22:10.0010 5496  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:22:10.0228 5496  Tcpip - ok
22:22:10.0291 5496  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:22:10.0400 5496  TCPIP6 - ok
22:22:10.0431 5496  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:22:10.0493 5496  tcpipreg - ok
22:22:10.0525 5496  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:22:10.0571 5496  TDPIPE - ok
22:22:10.0603 5496  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:22:10.0649 5496  TDTCP - ok
22:22:10.0696 5496  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:22:10.0821 5496  tdx - ok
22:22:10.0837 5496  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:22:10.0868 5496  TermDD - ok
22:22:10.0915 5496  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:22:11.0039 5496  TermService - ok
22:22:11.0086 5496  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:22:11.0133 5496  Themes - ok
22:22:11.0195 5496  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:22:11.0289 5496  THREADORDER - ok
22:22:11.0305 5496  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:22:11.0429 5496  TrkWks - ok
22:22:11.0539 5496  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:22:11.0663 5496  TrustedInstaller - ok
22:22:11.0710 5496  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:22:11.0788 5496  tssecsrv - ok
22:22:11.0819 5496  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:22:11.0866 5496  TsUsbFlt - ok
22:22:11.0913 5496  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:22:12.0022 5496  tunnel - ok
22:22:12.0085 5496  [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW64        C:\Windows\system32\DRIVERS\TVICHW64.SYS
22:22:12.0116 5496  TVICHW64 - ok
22:22:12.0147 5496  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:22:12.0178 5496  uagp35 - ok
22:22:12.0209 5496  [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor     C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
22:22:12.0241 5496  uCamMonitor - ok
22:22:12.0287 5496  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:22:12.0412 5496  udfs - ok
22:22:12.0443 5496  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:22:12.0506 5496  UI0Detect - ok
22:22:12.0553 5496  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:22:12.0584 5496  uliagpkx - ok
22:22:12.0599 5496  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
22:22:12.0662 5496  umbus - ok
22:22:12.0693 5496  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:22:12.0755 5496  UmPass - ok
22:22:12.0896 5496  [ 9E89C2D6945389270DE067CE51FF7425 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:22:13.0052 5496  UNS - ok
22:22:13.0099 5496  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:22:13.0223 5496  upnphost - ok
22:22:13.0270 5496  upperdev - ok
22:22:13.0317 5496  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:22:13.0411 5496  USBAAPL64 - ok
22:22:13.0457 5496  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:22:13.0520 5496  usbaudio - ok
22:22:13.0567 5496  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:22:13.0660 5496  usbccgp - ok
22:22:13.0660 5496  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:22:13.0723 5496  usbcir - ok
22:22:13.0738 5496  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:22:13.0801 5496  usbehci - ok
22:22:13.0832 5496  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:22:13.0910 5496  usbhub - ok
22:22:13.0925 5496  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:22:13.0972 5496  usbohci - ok
22:22:14.0003 5496  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:22:14.0050 5496  usbprint - ok
22:22:14.0081 5496  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:22:14.0128 5496  usbscan - ok
22:22:14.0159 5496  [ 0F0C72A657C622286013788B886968AD ] usbser          C:\Windows\system32\drivers\usbser.sys
22:22:14.0222 5496  usbser - ok
22:22:14.0237 5496  UsbserFilt - ok
22:22:14.0269 5496  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:22:14.0347 5496  USBSTOR - ok
22:22:14.0362 5496  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:22:14.0425 5496  usbuhci - ok
22:22:14.0518 5496  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:22:14.0596 5496  usbvideo - ok
22:22:14.0643 5496  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:22:14.0737 5496  UxSms - ok
22:22:14.0799 5496  [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
22:22:14.0861 5496  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
22:22:14.0861 5496  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
22:22:14.0924 5496  [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
22:22:14.0939 5496  VAIO Event Service - ok
22:22:15.0049 5496  [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
22:22:15.0095 5496  VAIO Power Management - ok
22:22:15.0111 5496  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:22:15.0142 5496  VaultSvc - ok
22:22:15.0236 5496  [ 6A740F5FF3246C3BE3DD317299EFC88E ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
22:22:15.0267 5496  VCFw - ok
22:22:15.0329 5496  [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
22:22:15.0423 5496  VcmIAlzMgr - ok
22:22:15.0485 5496  [ 7A88CFD3FE99F2C9B95A6E2A08B96E14 ] VcmINSMgr       C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
22:22:15.0517 5496  VcmINSMgr - ok
22:22:15.0563 5496  [ 8EFAACCC7BFA1E9031EFDFB01A1B0D69 ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
22:22:15.0595 5496  VcmXmlIfHelper - ok
22:22:15.0673 5496  [ D347D3ABE070AA09C22FC37121555D52 ] VCService       C:\Program Files\Sony\VAIO Care\VCService.exe
22:22:15.0688 5496  VCService - ok
22:22:15.0735 5496  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:22:15.0766 5496  vdrvroot - ok
22:22:15.0813 5496  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:22:15.0953 5496  vds - ok
22:22:15.0985 5496  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:22:16.0031 5496  vga - ok
22:22:16.0047 5496  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:22:16.0156 5496  VgaSave - ok
22:22:16.0187 5496  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:22:16.0234 5496  vhdmp - ok
22:22:16.0265 5496  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:22:16.0297 5496  viaide - ok
22:22:16.0328 5496  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:22:16.0375 5496  volmgr - ok
22:22:16.0406 5496  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:22:16.0468 5496  volmgrx - ok
22:22:16.0484 5496  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:22:16.0546 5496  volsnap - ok
22:22:16.0577 5496  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:22:16.0609 5496  vsmraid - ok
22:22:16.0671 5496  [ 047F22BDFDAE6DF6F1E47E747A1237A2 ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
22:22:16.0749 5496  VSNService ( UnsignedFile.Multi.Generic ) - warning
22:22:16.0749 5496  VSNService - detected UnsignedFile.Multi.Generic (1)
22:22:16.0827 5496  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:22:17.0045 5496  VSS - ok
22:22:17.0170 5496  [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent         C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
22:22:17.0248 5496  VUAgent - ok
22:22:17.0279 5496  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:22:17.0342 5496  vwifibus - ok
22:22:17.0373 5496  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:22:17.0435 5496  vwififlt - ok
22:22:17.0482 5496  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:22:17.0529 5496  vwifimp - ok
22:22:17.0591 5496  [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc        C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
22:22:17.0607 5496  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
22:22:17.0607 5496  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
22:22:17.0638 5496  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:22:17.0747 5496  W32Time - ok
22:22:17.0794 5496  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:22:17.0841 5496  WacomPen - ok
22:22:17.0888 5496  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:22:18.0013 5496  WANARP - ok
22:22:18.0013 5496  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:22:18.0106 5496  Wanarpv6 - ok
22:22:18.0262 5496  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:22:18.0418 5496  WatAdminSvc - ok
22:22:18.0527 5496  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:22:18.0683 5496  wbengine - ok
22:22:18.0715 5496  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:22:18.0761 5496  WbioSrvc - ok
22:22:18.0808 5496  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:22:18.0871 5496  wcncsvc - ok
22:22:18.0886 5496  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:22:18.0933 5496  WcsPlugInService - ok
22:22:18.0980 5496  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:22:19.0011 5496  Wd - ok
22:22:19.0073 5496  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:22:19.0183 5496  Wdf01000 - ok
22:22:19.0214 5496  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:22:19.0463 5496  WdiServiceHost - ok
22:22:19.0479 5496  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:22:19.0510 5496  WdiSystemHost - ok
22:22:19.0573 5496  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:22:19.0666 5496  WebClient - ok
22:22:19.0697 5496  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:22:19.0838 5496  Wecsvc - ok
22:22:19.0853 5496  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:22:19.0947 5496  wercplsupport - ok
22:22:19.0963 5496  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:22:20.0087 5496  WerSvc - ok
22:22:20.0119 5496  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:22:20.0212 5496  WfpLwf - ok
22:22:20.0228 5496  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:22:20.0275 5496  WIMMount - ok
22:22:20.0290 5496  WinDefend - ok
22:22:20.0290 5496  WinHttpAutoProxySvc - ok
22:22:20.0384 5496  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:22:20.0493 5496  Winmgmt - ok
22:22:20.0618 5496  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:22:20.0836 5496  WinRM - ok
22:22:20.0899 5496  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:22:20.0977 5496  WinUsb - ok
22:22:21.0039 5496  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:22:21.0148 5496  Wlansvc - ok
22:22:21.0273 5496  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:22:21.0413 5496  wlidsvc - ok
22:22:21.0460 5496  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:22:21.0507 5496  WmiAcpi - ok
22:22:21.0554 5496  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:22:21.0616 5496  wmiApSrv - ok
22:22:21.0663 5496  WMPNetworkSvc - ok
22:22:21.0710 5496  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:22:21.0757 5496  WPCSvc - ok
22:22:21.0788 5496  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:22:21.0850 5496  WPDBusEnum - ok
22:22:21.0866 5496  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:22:21.0975 5496  ws2ifsl - ok
22:22:21.0991 5496  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:22:22.0053 5496  wscsvc - ok
22:22:22.0100 5496  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
22:22:22.0147 5496  WSDPrintDevice - ok
22:22:22.0162 5496  WSearch - ok
22:22:22.0256 5496  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:22:22.0412 5496  wuauserv - ok
22:22:22.0459 5496  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:22:22.0537 5496  WudfPf - ok
22:22:22.0552 5496  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:22:22.0583 5496  WUDFRd - ok
22:22:22.0615 5496  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:22:22.0646 5496  wudfsvc - ok
22:22:22.0677 5496  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:22:22.0755 5496  WwanSvc - ok
22:22:22.0817 5496  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
22:22:22.0880 5496  yukonw7 - ok
22:22:22.0911 5496  ================ Scan global ===============================
22:22:22.0942 5496  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:22:22.0989 5496  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
22:22:23.0005 5496  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
22:22:23.0036 5496  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:22:23.0051 5496  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:22:23.0067 5496  [Global] - ok
22:22:23.0067 5496  ================ Scan MBR ==================================
22:22:23.0083 5496  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:22:23.0708 5496  \Device\Harddisk0\DR0 - ok
22:22:23.0708 5496  ================ Scan VBR ==================================
22:22:23.0739 5496  [ 66442B79E7865476874185444D62C789 ] \Device\Harddisk0\DR0\Partition1
22:22:23.0754 5496  \Device\Harddisk0\DR0\Partition1 - ok
22:22:23.0754 5496  [ 2B9CB9C7B5B6176D292F416A3B2E40EE ] \Device\Harddisk0\DR0\Partition2
22:22:23.0770 5496  \Device\Harddisk0\DR0\Partition2 - ok
22:22:23.0770 5496  ============================================================
22:22:23.0770 5496  Scan finished
22:22:23.0770 5496  ============================================================
22:22:23.0786 0240  Detected object count: 10
22:22:23.0786 0240  Actual detected object count: 10
22:24:13.0114 0240  acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0114 0240  acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:13.0114 0240  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0114 0240  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:13.0114 0240  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0114 0240  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:13.0129 0240  igfx ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240  igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:13.0129 0240  IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240  IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:13.0129 0240  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:13.0129 0240  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:13.0129 0240  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:13.0129 0240  VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0129 0240  VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:13.0145 0240  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:13.0145 0240  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 13.01.2013, 17:37   #9
markusg
/// Malware-holic
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.01.2013, 18:14   #10
centurio_bla
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Hallo,

auch hierfür mal wieder besten Dank. Konnte Avira Antivir nicht aus dem Task Manager löschen und schließen, habe es aber auf "Disable" gestellt. Hat hoffentlich funktioniert...

Hier das Log:

Code:
ATTFilter
ComboFix 13-01-13.01 - mhvn 13.01.2013  18:53:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3950.1902 [GMT 1:00]
ausgeführt von:: c:\users\mhvn\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ras_0oed.pad
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-13 bis 2013-01-13  ))))))))))))))))))))))))))))))
.
.
2013-01-13 18:03 . 2013-01-13 18:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-11 21:32 . 2013-01-11 21:32	--------	d-----w-	C:\tdsskiller
2013-01-09 22:31 . 2013-01-09 22:31	--------	d-----w-	c:\users\mhvn\AppData\Roaming\Malwarebytes
2013-01-09 22:31 . 2013-01-09 22:31	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-09 22:31 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-09 22:31 . 2013-01-09 22:31	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-09 22:26 . 2013-01-09 22:26	--------	d-----w-	c:\program files (x86)\ESET
2013-01-09 21:46 . 2013-01-09 21:21	9650656	----a-w-	C:\hitmanpro_x64.exe
2013-01-09 21:25 . 2013-01-11 06:50	--------	d-----w-	c:\programdata\HitmanPro
2013-01-09 21:24 . 2013-01-09 21:25	--------	d-----w-	C:\Stick
2013-01-09 06:51 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-04 20:57 . 2013-01-04 20:57	--------	d-----w-	c:\users\mhvn\AppData\Roaming\TuneUp Software
2013-01-04 20:56 . 2013-01-04 20:57	--------	d-----w-	c:\programdata\TuneUp Software
2013-01-04 20:55 . 2013-01-04 21:04	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-04 20:55 . 2013-01-04 20:55	--------	d--h--w-	c:\programdata\Common Files
2012-12-21 07:40 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 07:40 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 07:40 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 07:40 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 07:07 . 2010-05-30 23:46	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-08 20:57 . 2012-07-01 13:13	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 20:57 . 2012-01-03 11:58	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 20:29 . 2012-11-24 17:45	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-13 20:29 . 2012-11-24 17:45	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-30 04:45 . 2013-01-09 06:51	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-17 22:05 . 2012-11-17 22:05	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-17 22:05 . 2012-06-07 14:04	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-11-17 22:05 . 2010-07-01 04:53	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-14 07:06 . 2012-12-13 22:07	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 22:07	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 22:08	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 22:08	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 22:08	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 22:08	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 22:08	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 22:08	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 22:08	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 22:08	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 22:08	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 22:08	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 22:08	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 22:08	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 22:08	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 22:08	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 22:08	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 22:08	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 22:08	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 22:08	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 22:08	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 22:08	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 19:15	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 19:15	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-08 17:24 . 2012-11-23 17:07	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{22DE01DA-6B89-473C-8E23-6387A5BC0625}\mpengine.dll
2012-11-02 05:59 . 2012-12-13 19:15	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 19:15	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-16 08:38 . 2012-11-28 17:35	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:35	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:35	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-10-25 162408]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-13 384800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 21:03	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
"MarketingTools"=c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 DIRECTIO;DIRECTIO;f:\burnintest\DirectIo.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-13 151936]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2010-12-18 21200]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-20 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-06-24 376400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-13 85280]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2009-09-15 75776]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-19 386416]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-12-14 56344]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 20:57]
.
2013-01-13 c:\windows\Tasks\DMEPeriodicTask.job
- c:\program files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 06:17]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 08:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.2.110/codebase/DVM_IPCam2.ocx
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=8da3f1a1-07c1-495b-91dc-cc54b95ef181&apn_ptnrs=%5EAGS&apn_sauid=3EF5C33D-81F1-4A74-9F47-5A1EEB536A57&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: !HIDDEN! 2010-07-21 00:07; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-13  19:09:26
ComboFix-quarantined-files.txt  2013-01-13 18:09
.
Vor Suchlauf: 18 Verzeichnis(se), 394.779.140.096 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 393.778.749.440 Bytes frei
.
- - End Of File - - A618D790397E37A836EC35C59C70AA41
         

Alt 13.01.2013, 20:15   #11
markusg
/// Malware-holic
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.01.2013, 22:38   #12
centurio_bla
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Bitte schön:

Code:
ATTFilter
7-Zip 9.14 beta		18.06.2010, notwendig		
Adobe AIR	Adobe Systems Incorporated	16.10.2012		3.4.0.2710, unbekannt
Adobe Dreamweaver CS3	Adobe Systems Incorporated	27.05.2010	861MB	9.0, notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.01.2013	6,00MB	11.5.502.146, notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	08.01.2013	6,00MB	11.5.502.146, notwendig
Adobe Photoshop CS3	Adobe Systems Incorporated	27.05.2010	1,10GB	10.0, notwendig
Adobe Reader 9.5.3 - Deutsch	Adobe Systems Incorporated	13.01.2013	119MB	9.5.3, notwendig
Apple Application Support	Apple Inc.	03.08.2012	61,0MB	2.1.9, unnötig
Apple Mobile Device Support	Apple Inc.	03.08.2012	24,9MB	5.2.0.6, unnötig
Apple Software Update	Apple Inc.	03.08.2012	2,38MB	2.1.3.127, unnötig
ArcSoft Magic-i Visual Effects 2	ArcSoft	26.05.2010		2.0.1.85, unbekannt
ArcSoft WebCam Companion 3	ArcSoft	26.05.2010		3.0.21.278, unbekannt
ATI Catalyst Install Manager	ATI Technologies, Inc.	18.12.2010	22,2MB	3.0.769.0, notwendig
Avery Wizard 3.1	Avery	30.09.2010	13,5MB	3.1.8, notwendig
Avira Free Antivirus	Avira	13.12.2012	128MB	13.0.0.2890, notwendig
CCleaner	Piriform	22.08.2012		3.22, notwendig
Compatibility Pack für 2007 Office System	Microsoft Corporation	09.01.2013	226MB	12.0.6612.1000, notwendig
CutePDF Writer 2.8		28.05.2010, , notwendig		
DATA BECKER CD-Druckerei 6		24.06.2010		6.00.000, , notwendig
DesignPro 5	Avery Dennison	30.09.2010	18,1MB	5.5.708, , notwendig
Einstellungen für VAIO-Inhaltsüberwachung	Sony Corporation	23.02.2010. , notwendig
ElsterFormular-Upgrade	Landesfinanzdirektion Thüringen	04.08.2012		13.3.0.9066, notwendig
Eraser 6.0.7.1893	The Eraser Project	19.06.2010	2,32MB	6.7.1893, notwendig
Evernote	Evernote Corp.	23.02.2010	53,1MB	3.5.0.545, unbekannt
Facebook Plug-In	Facebook, Inc.	15.06.2010, unnötig		
Free WMA to MP3 Converter 1.16	Jodix Technologies Ltd.	18.09.2011, unnötig		
FreePDF (Remove only)		30.11.2010, notwendig		
Google Earth	Google	25.11.2011	92,7MB	6.1.0.5001, unnötig
GPL Ghostscript 8.71		28.05.2010, unbekannt		
HP Customer Participation Program 14.0	HP	28.08.2011		14.0, notwendig
HP Imaging Device Functions 14.0	HP	28.08.2011		14.0, notwendig
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5	HP	28.08.2011		14.0, notwendig
HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6	HP	03.01.2012		14.0, notwendig
HP Print Projects 1.0	HP	07.07.2010		1.0, notwendig
HP Product Detection	HP	07.05.2012	1,86MB	11.14.0001, notwendig
HP Smart Web Printing 4.60	HP	20.07.2010		4.60, notwendig
HP Solution Center 14.0	HP	03.01.2012		14.0, notwendig
HP Update	Hewlett-Packard	27.12.2011	3,98MB	5.003.001.001, notwendig
Intel(R) Control Center	Intel Corporation	23.02.2010		1.2.1.1007, unbekannt
Intel(R) Management Engine Components	Intel Corporation	23.02.2010		6.0.0.1179, unbekannt
Intel(R) Rapid Storage Technology	Intel Corporation	23.02.2010		9.5.4.1001, unbekannt
Intel(R) Turbo Boost Technology Driver	Intel Corporation	23.02.2010		01.00.01.1002, unbekannt
IP Camera		17.08.2010, unbekannt, notwendig	
IrfanView (remove only)	Irfan Skiljan	28.05.2010	1,50MB	4.27, notwendig
iTunes	Apple Inc.	03.08.2012	184MB	10.6.3.25, unwichtig
Japanese Fonts Support For Adobe Reader 9	Adobe Systems Incorporated	18.07.2010	16,4MB	9.0.0, unwichtig
Java 2 Runtime Environment Standard Edition 1.3.1_20		20.06.2010, unbekannt		
Java 7 Update 9	Oracle	17.11.2012	128MB	7.0.90, unbekannt
Java(TM) 6 Update 16 (64-bit)	Sun Microsystems, Inc.	23.02.2010	90,8MB	6.0.160, unbekannt
Java(TM) 6 Update 32	Oracle	07.06.2012	95,7MB	6.0.320, unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	09.01.2013	18,4MB	1.70.0.1100, unnötig?
Media Gallery	Sony Corporation	23.02.2010		1.1.1.11200, unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	19.12.2010	38,8MB	4.0.30319, unbkannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	19.12.2010	2,93MB	4.0.30319, unbekannt
Microsoft Office File Validation Add-In	Microsoft Corporation	18.09.2011	7,95MB	14.0.5130.5003, unbekannt
Microsoft Office Live Add-in 1.5	Microsoft Corporation	16.07.2012	508KB	2.0.4024.1, unbekannt
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	09.01.2013	29,8MB	12.0.6612.1000, unbekannt
Microsoft Office Small Business Edition 2003	Microsoft Corporation	09.01.2013	1,09GB	11.0.8173.0, unbekannt
Microsoft Office Suite Activation Assistant	Microsoft Corporation	23.02.2010	8,36MB	2.9, unbekannt
Microsoft Silverlight	Microsoft Corporation	27.06.2012	40,3MB	4.1.10329.0, unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	23.02.2010	1,72MB	3.1.0000. unbekannt
Microsoft SQL Server Compact 3.5 SP1 English	Microsoft Corporation	23.02.2010	2,59MB	3.5.5692.0, unbekannt
Microsoft SQL Server Compact 3.5 SP1 x64 English	Microsoft Corporation	23.02.2010	3,69MB	3.5.5692.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	13.12.2010	258KB	8.0.50727.4053, unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	13.12.2010	250KB	8.0.50727.4053, unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	300KB	8.0.61001, unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	23.02.2010	708KB	8.0.61000, unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	18.05.2011	580KB	8.0.51011, unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	03.06.2011	198KB	9.0.30729.4148. unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	18.05.2011	790KB	9.0.30729.5570, unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	18.12.2010	784KB	9.0.30729.4148. unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	788KB	9.0.30729.6161, unebekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	01.06.2011	600KB	9.0.30729, unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600KB	9.0.30729.6161, unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	26.11.2012	1,31MB	10.0.40219. unbekannt
Microsoft Works	Microsoft Corporation	10.10.2012	1,01GB	9.7.0621, unbekannt
Mozilla Firefox 18.0 (x86 de)	Mozilla	11.01.2013	46,4MB	18.0, notwendig
Mozilla Maintenance Service	Mozilla	11.01.2013	330KB	18.0, unbekannt
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	27.05.2010	1,27MB	4.20.9870.0, unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	27.05.2010	1,33MB	4.20.9876.0, unbekannt
MusicStation	Omnifone	23.02.2010	21,4MB	2.0.0.1067, unbekannt
PDF24 Creator 4.9.0	PDF24.org	29.10.2012	33,9MB	, notwendig
PMB	Sony Corporation	31.05.2010	276MB	5.1.00.13280, unbekannt
PMB VAIO Edition Guide	Sony Corporation	31.05.2010	72,3MB	1.2.00.15250, , notwendig
PMB VAIO Edition plug-in (VAIO Image Optimizer)	Sony Corporation	31.05.2010	54,8MB	1.2.00.15250, notwendig
PMB VAIO Edition plug-in (VAIO Movie Story)	Sony Corporation	31.05.2010	69,5MB	2.2.00.15250, notwendig
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	24.06.2010		11.0.0.10, unbekannt
QuickTime	Apple Inc.	28.12.2010	73,7MB	7.69.80.9, unwichtig
Realtek HDMI Audio Driver for ATI	Realtek Semiconductor Corp.	23.02.2010		6.0.1.5992, , notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	30.05.2010		6.0.1.5992, notwendig
RedMon - Redirection Port Monitor		28.05.2010, unbekannt		
Roxio Easy Media Creator 10 LJ	Roxio	26.05.2010	125MB	10.3, unbekannt
Setting Utility Series	Sony Corporation	23.02.2010		5.1.0.11200, , notwendig
Shop for HP Supplies	HP	28.08.2011		14.0, unbekannt
Skype™ 5.10	Skype Technologies S.A.	29.08.2012	19,4MB	5.10.116, notwendig
Sony Home Network Library	Sony Corporation	23.02.2010		2.0.1.10160, , notwendig
Spybot - Search & Destroy	Safer Networking Limited	13.02.2011		1.6.2, notwendig
Surf & E-Mail-Stick	Huawei Technologies Co.,Ltd	17.08.2010		11.301.08.00.35, notwendig
svBuilder	SimpleViewer Inc	16.10.2012		2.3.1, unwichtig
Synaptics Pointing Device Driver	Synaptics Incorporated	23.02.2010		14.0.10.0, unbekannt
Tinypic 3.14	E. Fiedler	19.08.2011		Tinypic 3.14, unbekannt
Universal Document Converter (Demo)	fCoder Group, Inc.	08.06.2012		5.3, unbekannt
VAIO Care	Sony Corporation	20.12.2011		6.4.2.11150, notwendig, 
VAIO Content Metadata Intelligent Analyzing Manager	Sony Corporation	23.02.2010		3.6.0.09250, notwendig
VAIO Content Metadata Intelligent Network Service Manager	Sony Corporation	31.05.2010		3.7.0.14191, notwendig
VAIO Content Metadata Manager Settings	Sony Corporation	31.05.2010		3.7.0.13221, notwendig
VAIO Content Metadata XML Interface Library	Sony Corporation	31.05.2010		3.7.0.14191, notwendig
VAIO Control Center	Sony Corporation	18.12.2010		4.1.1.07160, notwendig
VAIO Data Restore Tool	Sony Corporation	23.02.2010		1.2.0.09150, notwendig
VAIO DVD Menu Data	Sony Corporation	23.02.2010		2.0.00.10130, notwendig
VAIO Energie Verwaltung	Sony Corporation	23.02.2010		5.0.0.11300, notwendig
VAIO Entertainment Platform	Sony Corporation	23.02.2010		3.6.0.09150, notwendig
VAIO Event Service	Sony Corporation	23.02.2010		5.1.0.12010, notwendig
VAIO Gate	Sony Corporation	18.12.2010		2.2.1.09131, notwendig
VAIO Gate Default	Sony Corporation	23.02.2010		1.0.0.10290, notwendig
VAIO Marketing Tools	Sony Corporation	26.05.2010		, notwendig
VAIO Media plus	Sony Corporation	23.02.2010		2.0.1.10160, notwendig
VAIO Media plus Opening Movie	Sony Corporation	23.02.2010		1.2.0.09100, notwendig
VAIO Movie Story Template Data	Sony Corporation	23.02.2010	438MB	2.0.00.09240, notwendig
VAIO Original Funktion Einstellungen	Sony Corporation	23.02.2010		2.0.0.07010, notwendig
VAIO Personalization Manager	Sony Corporation	23.02.2010		2.0.0.06220, notwendig
VAIO Premium Partners	Sony Europe	26.05.2010		1.0, notwendig
VAIO Quick Web Access	Sony Corporation	18.12.2010	303MB	1.3.1.7, notwendig
VAIO screensaver	Sony Europe	26.05.2010		1.0.0.0, notwendig
VAIO Smart Network	Sony Corporation	18.12.2010		3.3.1.08110, notwendig
VAIO Update	Sony Corporation	12.01.2013		6.1.1.10250, notwendig
VAIO Wallpaper Contents	Sony Corporation	23.02.2010		2.0.0.06010, notwendig
VAIO-Support für Übertragungen	Sony Corporation	01.07.2010		1.1.2.06030, notwendig
VLC media player 1.0.5	VideoLAN Team	26.05.2010		1.0.5, notwendig
WIDCOMM Bluetooth Software	Broadcom Corporation	29.01.2010	144MB	6.2.1.500, unbekannt
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)	Broadcom	26.05.2010		09/09/2009 6.2.0.9405, unbekannt
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	26.05.2010		07/28/2009 6.2.0.9800, unbekannt
Windows Live Essentials	Microsoft Corporation	26.06.2012		15.4.3555.0308, unbkannt
Windows Live Sync	Microsoft Corporation	12.12.2010	2,79MB	14.0.8117.416, unbekannt
Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)	Nokia	23.09.2010		06/09/2010 4.5. unbekannt
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)	Nokia	23.09.2010		06/09/2010 7.01.0.7, unbekannt
WinRAR		27.05.2010	, notwendig
         

Alt 14.01.2013, 19:33   #13
markusg
/// Malware-holic
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
ArcSoft : beide, falls du keine cam nutzt.
Facebook
Free WMA
Google Earth
iTunes
Japanese
Java: alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Media Gallery
QuickTime
Shop
Spybot : kann man beruhigt drauf verzichten, nicht mehr sonderlich hilfreich.
svBuilder
Tinypic
Universal Document
Windows Live : alle für dich unnötigen

Öffne CCleaner, analysieren starten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.01.2013, 22:40   #14
centurio_bla
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Adware Log

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 14/01/2013 um 23:39:25 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : mhvn - 
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\mhvn\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\searchplugins\icqplugin-3.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\mhvn\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gefunden : HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKU\S-1-5-21-3312566914-2936580668-3725363455-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\mhvn\AppData\Roaming\Mozilla\Firefox\Profiles\6469u65k.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_v[...]
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\mhvn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3470 octets] - [14/01/2013 23:39:25]

########## EOF - C:\AdwCleaner[R1].txt - [3530 octets] ##########
         

Alt 15.01.2013, 19:47   #15
markusg
/// Malware-holic
 
GVU Trojaner (Paysafe) - Standard

GVU Trojaner (Paysafe)



Hi

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

neustarten bitte, testen, wie der PC läuft, auch Programme testen. (browser) zb
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu GVU Trojaner (Paysafe)
7-zip, avira searchfree toolbar, becker, ebenfalls, eraser, files, folge, gvu trojaner, hallo zusammen, hoffe, install.exe, otl scan, paysafe, richtlinie, scan, tr/winlock.jc, tr/winlock.jc!, troja, trojaner, zusammen



Ähnliche Themen: GVU Trojaner (Paysafe)


  1. Paysafe-Trojaner eingefangen - was kann ich tun?
    Plagegeister aller Art und deren Bekämpfung - 20.12.2013 (16)
  2. Paysafe-Trojaner eingefangen
    Mülltonne - 13.12.2013 (0)
  3. Bundes Trojaner - 100 € PaySafe - PC gesperrt!
    Log-Analyse und Auswertung - 12.07.2013 (11)
  4. GVU, BSI Paysafe Trojaner 48h Countdown
    Plagegeister aller Art und deren Bekämpfung - 12.01.2013 (11)
  5. AKM 50€ PaySafe Trojaner
    Log-Analyse und Auswertung - 13.11.2012 (10)
  6. AKM/BMI €50 Paysafe-trojaner Problem
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (2)
  7. DVU Trojaner, Ukash und Paysafe
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (18)
  8. Trojaner BMI AKM Paysafe
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (26)
  9. AKM/BM.I Paysafe Trojaner (Einzahlung 100€)
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  10. Hilfe! Paysafe-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (4)
  11. Ukash/Paysafe-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (9)
  12. 50 Euro Paysafe Trojaner
    Log-Analyse und Auswertung - 23.03.2012 (3)
  13. AKM/BMI €50 Paysafe-trojaner (PC-Zugriff gesperrt)
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (11)
  14. Polizei Trojaner 100Euro Paysafe
    Log-Analyse und Auswertung - 22.03.2012 (1)
  15. Trojaner 50 € Paysafe // Windows gesperrt
    Log-Analyse und Auswertung - 21.03.2012 (3)
  16. gema - paysafe trojaner...
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (15)
  17. Gema Paysafe Trojaner 50 Euro
    Log-Analyse und Auswertung - 21.02.2012 (11)

Zum Thema GVU Trojaner (Paysafe) - Hallo zusammen, mein Sohn hat ebenfalls einen GVU Trojaner eingefangen. Bin als Laie leider hilflos. Ich führe vorsorglich einen OTL Scan durch, das sollte Euch hoffentlich helfen. Log Files folgen. - GVU Trojaner (Paysafe)...
Archiv
Du betrachtest: GVU Trojaner (Paysafe) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.